
Pests of all kinds and how to fight them: Help Trojan.agent

15.01.2013, 18:54   #1
Sascha2603
 



Hello,
After every system start I was asked which program I wanted to use to open the following file named "Sascha". However, this file cannot be found anywhere. I have now run a scan with Malwarebytes. The following is what came out of it:
Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.15.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Sascha Woitzik :: MAUSI [Administrator]

Schutz: Aktiviert

15.01.2013 19:41:21
MBAM-log-2013-01-15 (19-47-53).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 233162
Laufzeit: 5 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B7D3E479-CC68-42B5-A338-938ECE35F419} (Adware.Softomate) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{B7D3E479-CC68-42B5-A338-938ECE35F419} (Adware.Softomate) -> Daten: yäÓ·h̵B£8“ŽÎ5ô -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{B7D3E479-CC68-42B5-A338-938ECE35F419} (Adware.Softomate) -> Daten: -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Sascha Woitzik\Downloads\setup (1).exe (Trojan.FakeVLC) -> Keine Aktion durchgeführt.
C:\Users\Sascha Woitzik\Downloads\setup.exe (Trojan.FakeVLC) -> Keine Aktion durchgeführt.

(Ende)

15.01.2013, 19:05   #2
markusg
/// Malware-holic
 



hi
If you don't already have it, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe. Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread

15.01.2013, 19:58   #3
Sascha2603
 



OTL Logfile:
Code:
OTL logfile created on: 15.01.2013 20:18:42 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sascha Woitzik\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,98 Gb Available Physical Memory | 49,52% Memory free
7,99 Gb Paging File | 5,56 Gb Available in Paging File | 69,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,00 Gb Total Space | 188,57 Gb Free Space | 41,72% Space Free | Partition Type: NTFS
Drive D: | 13,46 Gb Total Space | 2,24 Gb Free Space | 16,60% Space Free | Partition Type: NTFS
Drive E: | 99,02 Mb Total Space | 95,56 Mb Free Space | 96,50% Space Free | Partition Type: FAT32
 
Computer Name: MAUSI | User Name: Sascha Woitzik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.15 20:15:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sascha Woitzik\Downloads\OTL.exe
PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.04 22:06:05 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.10.09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Sascha Woitzik\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.06.21 14:58:50 | 002,445,880 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2012.06.21 14:29:14 | 000,073,392 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2011.04.19 07:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
PRC - [2011.04.19 07:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2011.04.19 07:44:40 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2011.03.28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010.10.22 01:00:00 | 000,376,832 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
PRC - [2010.08.02 11:40:56 | 000,199,600 | ---- | M] (Telefónica I+D) -- C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe
PRC - [2010.02.26 01:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe
PRC - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.12.05 02:15:15 | 012,456,040 | ---- | M] () -- C:\Users\Sascha Woitzik\AppData\Local\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
MOD - [2012.12.05 02:15:15 | 000,460,904 | ---- | M] () -- C:\Users\Sascha Woitzik\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
MOD - [2012.12.05 02:15:14 | 004,008,040 | ---- | M] () -- C:\Users\Sascha Woitzik\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
MOD - [2012.12.05 02:14:29 | 000,587,880 | ---- | M] () -- C:\Users\Sascha Woitzik\AppData\Local\Google\Chrome\Application\23.0.1271.97\libglesv2.dll
MOD - [2012.12.05 02:14:28 | 000,124,520 | ---- | M] () -- C:\Users\Sascha Woitzik\AppData\Local\Google\Chrome\Application\23.0.1271.97\libegl.dll
MOD - [2012.12.05 02:14:21 | 000,157,304 | ---- | M] () -- C:\Users\Sascha Woitzik\AppData\Local\Google\Chrome\Application\23.0.1271.97\avutil-51.dll
MOD - [2012.12.05 02:14:20 | 000,275,576 | ---- | M] () -- C:\Users\Sascha Woitzik\AppData\Local\Google\Chrome\Application\23.0.1271.97\avformat-54.dll
MOD - [2012.12.05 02:14:19 | 002,168,952 | ---- | M] () -- C:\Users\Sascha Woitzik\AppData\Local\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.12.12 00:00:00 | 000,135,824 | ---- | M] (Seiko Epson Corporation) [Auto | Running] -- C:\Windows\SysNative\escsvc64.exe -- (EpsonScanSvc)
SRV:64bit: - [2009.08.05 05:44:56 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.22 02:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009.03.02 22:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.04 22:06:05 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.11.13 00:07:23 | 004,539,712 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll -- (Akamai)
SRV - [2012.06.21 14:58:50 | 002,445,880 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2012.06.14 23:17:46 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.30 20:08:10 | 000,827,520 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV - [2011.08.08 13:35:04 | 000,021,272 | ---- | M] () [Auto | Running] -- c:\Programme\Ocster Backup\bin\backupService-ox.exe -- (ocster_backup)
SRV - [2011.06.21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011.04.19 07:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011.04.19 07:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011.03.28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010.10.22 01:00:00 | 000,376,832 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2010.08.02 11:40:56 | 000,199,600 | ---- | M] (Telefónica I+D) [Auto | Running] -- C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe -- (TGCM_ImportWiFiSvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.26 01:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe -- (NIS)
SRV - [2009.07.22 02:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe -- (STacSV)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.06 01:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2009.03.02 22:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)
SRV - [2009.02.22 12:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
SRV - [2007.05.31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.09 17:59:32 | 000,485,680 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012.01.09 17:59:30 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2012.01.09 17:59:30 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011.10.25 03:52:12 | 000,236,160 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CxPlrCap.sys -- (CXPLRCAP)
DRV:64bit: - [2011.05.07 17:51:32 | 000,454,232 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.10.22 01:00:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fwlanusb.sys -- (FWLANUSB)
DRV:64bit: - [2010.10.22 01:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2010.09.23 13:33:13 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010.09.01 09:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010.05.06 05:01:59 | 000,451,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\symtdiv.sys -- (SYMTDIv)
DRV:64bit: - [2010.04.29 06:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010.04.22 04:02:20 | 000,221,232 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\symefa64.sys -- (SymEFA)
DRV:64bit: - [2010.04.22 03:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010.04.22 03:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2010.02.26 01:22:52 | 000,615,040 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\cchpx64.sys -- (ccHP)
DRV:64bit: - [2009.12.07 18:53:26 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009.12.07 18:36:48 | 000,246,224 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2009.10.12 14:23:22 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009.09.21 18:47:14 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.08.30 01:17:18 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\symds64.sys -- (SymDS)
DRV:64bit: - [2009.08.05 06:23:00 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.24 08:49:00 | 000,119,312 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.07.22 02:33:32 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009.07.15 00:16:34 | 000,273,456 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.06.24 20:00:18 | 000,216,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 22:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.23 07:52:30 | 000,215,040 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.05.05 06:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009.04.29 08:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009.03.09 05:49:08 | 000,036,408 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV - [2012.04.30 20:08:32 | 000,033,672 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2010.11.04 01:07:05 | 000,953,904 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101104.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2010.10.19 21:36:20 | 000,476,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20101111.001\IDSviA64.sys -- (IDSVia64)
DRV - [2010.09.25 10:32:28 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {4B928E9F-C16C-4D2C-B1C5-F8D09C5DD32C}
IE:64bit: - HKLM\..\SearchScopes\{4B928E9F-C16C-4D2C-B1C5-F8D09C5DD32C}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=wbst&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=f8adfac5-e49c-4761-aee7-af0bc68e7876&affid=113129&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKLM\..\SearchScopes\{4B928E9F-C16C-4D2C-B1C5-F8D09C5DD32C}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=TJ&userid=f8adfac5-e49c-4761-aee7-af0bc68e7876&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=TJ&userid=f8adfac5-e49c-4761-aee7-af0bc68e7876&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=TJ&userid=f8adfac5-e49c-4761-aee7-af0bc68e7876&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=TJ&userid=f8adfac5-e49c-4761-aee7-af0bc68e7876&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=TJ&userid=f8adfac5-e49c-4761-aee7-af0bc68e7876&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=wbst&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{0D9C0450-C994-40B6-9066-4F1D7E59FC26}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tonline-browser_toolbar3_search-21&index=blended&linkCode=ur2
IE - HKCU\..\SearchScopes\{246C6E02-F643-492A-974F-A5D55BB12C31}: "URL" = hxxp://dict.leo.org/esde?lp=esde&search={searchTerms}
IE - HKCU\..\SearchScopes\{43ED0A43-01CA-4DC8-9F78-D9CAB5BB4F86}: "URL" = hxxp://suche.t-online.de/fast-cgi/tsc?sr=tweb&q={searchTerms}&dia=tie8
IE - HKCU\..\SearchScopes\{4770FB4B-23F6-43E4-B14C-97AEA69879CE}: "URL" = hxxp://search.zonealarm.com/search?Source=Browser&oemCode=ZLN19601824380693-1001&toolbarId=base&affiliateId=1001&Lan=de&utid=5e7f7f47000000000000f67bcb90436c&q={searchTerms}&r=138
IE - HKCU\..\SearchScopes\{4B928E9F-C16C-4D2C-B1C5-F8D09C5DD32C}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{4FC6E29C-60EE-4A79-94E3-2DAE9BA64838}: "URL" = hxxp://dict.leo.org/frde?lp=frde&search={searchTerms}
IE - HKCU\..\SearchScopes\{54C7C1DC-E92F-4223-A695-769EF18C1D11}: "URL" = hxxp://rover.ebay.com/rover/1/707-1403-9414-51/4?satitle={searchTerms}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{747EAF7E-569B-4469-9522-CC5F2572C749}: "URL" = hxxp://suche.t-online.de/fast-cgi/tsc?sr=twiki&q={searchTerms}&dia=tie8
IE - HKCU\..\SearchScopes\{7F2AAC5B-267E-4772-8023-0E8B6E828D29}: "URL" = hxxp://suche.t-online.de/fast-cgi/tsc?sr=tportal&q={searchTerms}&dia=tie8
IE - HKCU\..\SearchScopes\{AE507AA0-A851-49CE-AA68-393B88CF60E5}: "URL" = hxxp://dict.leo.org/ende?lp=ende&search={searchTerms}
IE - HKCU\..\SearchScopes\{E5D6D3EA-1D08-4F6A-94A5-7D8C1CE047A8}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=SPC2&o=15000&src=crm&q={searchTerms}&locale=&apn_ptnrs=PV&apn_dtid=YYYYYYYYDE&apn_uid=b1ccd375-8ffe-4d49-954c-bd52a4722c12&apn_sauid=2846A801-318E-434C-A01B-70F845979ED9&
IE - HKCU\..\SearchScopes\{FA0A6DCC-595A-40EE-BC5E-C4F50884AB15}: "URL" = hxxp://preisvergleich.t-online.de/angebote/{searchTerms}?soid=42534758
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=TJ&userid=f8adfac5-e49c-4761-aee7-af0bc68e7876&affid=111583&searchtype=hp&babsrc=lnkry"
FF - prefs.js..extensions.enabledAddons: ffxtlbr@zonealarm.com:1.6.0
FF - prefs.js..extensions.enabledAddons: helperbar@helperbar.com:1.0
FF - prefs.js..extensions.enabledAddons: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:10.13.40.15
FF - prefs.js..keyword.URL: "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=TJ&userid=f8adfac5-e49c-4761-aee7-af0bc68e7876&affid=111583&searchtype=ds&babsrc=lnkry&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Sascha Woitzik\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Sascha Woitzik\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Sascha Woitzik\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sascha Woitzik\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sascha Woitzik\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Sascha Woitzik\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2012.07.15 18:18:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010.11.18 09:49:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010.11.18 09:49:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2012.07.15 17:58:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2012.12.23 19:40:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.15 17:53:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.15 17:55:09 | 000,000,000 | ---D | M]
 
[2011.11.22 14:18:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sascha Woitzik\AppData\Roaming\mozilla\Extensions
[2013.01.15 19:14:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sascha Woitzik\AppData\Roaming\mozilla\Firefox\Profiles\8uzgcqgq.default\extensions
[2013.01.03 16:26:29 | 000,000,000 | ---D | M] (DVDVideoSoftTB) -- C:\Users\Sascha Woitzik\AppData\Roaming\mozilla\Firefox\Profiles\8uzgcqgq.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2013.01.03 16:26:17 | 000,000,000 | ---D | M] (zonealarm.com) -- C:\Users\Sascha Woitzik\AppData\Roaming\mozilla\Firefox\Profiles\8uzgcqgq.default\extensions\ffxtlbr@zonealarm.com
[2013.01.15 19:14:49 | 000,000,000 | ---D | M] ("Linkury Smartbar") -- C:\Users\Sascha Woitzik\AppData\Roaming\mozilla\Firefox\Profiles\8uzgcqgq.default\extensions\helperbar@helperbar.com
[2013.01.15 19:14:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sascha Woitzik\AppData\Roaming\mozilla\Firefox\Profiles\8uzgcqgq.default\extensions\trash
[2013.01.03 16:24:26 | 000,491,479 | ---- | M] () (No name found) -- C:\Users\Sascha Woitzik\AppData\Roaming\mozilla\firefox\profiles\8uzgcqgq.default\extensions\abb@amazon.com.xpi
[2013.01.15 11:03:02 | 000,002,455 | ---- | M] () -- C:\Users\Sascha Woitzik\AppData\Roaming\mozilla\firefox\profiles\8uzgcqgq.default\searchplugins\Web Search.xml
[2012.07.15 17:53:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.06.14 23:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.14 23:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.14 23:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.14 23:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.06 19:38:48 | 000,002,047 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2012.06.14 23:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.14 23:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.14 23:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: Babylon Search
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: Babylon Search
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Sascha Woitzik\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sascha Woitzik\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sascha Woitzik\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Sascha Woitzik\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Sascha Woitzik\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Sascha Woitzik\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Sascha Woitzik\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Sascha Woitzik\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: tote Zed = C:\Users\Sascha Woitzik\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhboeeflphckkiijmdkhenfomcijjmhi\2.1_0\
CHR - Extension: YouTube = C:\Users\Sascha Woitzik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Webmail Ad Blocker = C:\Users\Sascha Woitzik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbhfdchmklhpcngcgjmpdbjakdggkkjp\3.2_0\
CHR - Extension: Battlefield Heroes = C:\Users\Sascha Woitzik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh\5.0.196.0_0\
CHR - Extension: Adblock Plus = C:\Users\Sascha Woitzik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\
CHR - Extension: Google-Suche = C:\Users\Sascha Woitzik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: TimelineRemove = C:\Users\Sascha Woitzik\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnedfaenfnkikficknkklbdedlecmpgc\1.0.7_0\
CHR - Extension: Facebook Ads Blocker = C:\Users\Sascha Woitzik\AppData\Local\Google\Chrome\User Data\Default\Extensions\eommhojjeeaapcofdjleiamnokcfdnna\1.1.0_0\
CHR - Extension: F2B Dark Electrique - Ibis Tribute on Black = C:\Users\Sascha Woitzik\AppData\Local\Google\Chrome\User Data\Default\Extensions\igkhfghgcedfhpkoilcmohbcmkbcdodd\1_0\
CHR - Extension: Adblock for Pirate Bay = C:\Users\Sascha Woitzik\AppData\Local\Google\Chrome\User Data\Default\Extensions\imkpamgpfalmdaikobnkefcmmkpgljjd\1.30_0\
CHR - Extension: NASA TV - ISS = C:\Users\Sascha Woitzik\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkecoihdfgepbbmpfghpgmcnnebnnnhd\2.2_0\
CHR - Extension: Regen-Alarm = C:\Users\Sascha Woitzik\AppData\Local\Google\Chrome\User Data\Default\Extensions\meaikaglpfemjncbioflellmppndgmok\1.1.9_0\
CHR - Extension: Google Mail-Checker = C:\Users\Sascha Woitzik\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0\
CHR - Extension: FastestChrome \u2013 Schneller browsen = C:\Users\Sascha Woitzik\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\7.0.3_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Sascha Woitzik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\
CHR - Extension: Battlefield Play4Free = C:\Users\Sascha Woitzik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh\1.0.80.5_0\
CHR - Extension: Google Mail = C:\Users\Sascha Woitzik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2011.10.06 11:48:37 | 000,000,895 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 Google Analytics Official Website - Web Analytics & Reporting ? Google Analytics
O1 - Hosts: 127.0.0.1 google-analytics.com
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\EPSON Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.5.24.4\bh\zonealarm.dll (Montera Technologeis LTD)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (AlxHelper Class) - {F443A627-5009-4323-9C1D-7FD598D0D712} - C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll (Amazon.com)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\EPSON Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.5.24.4\zonealarmTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Amazon Browser Bar) - {EA582743-9076-4178-9AA6-7393FDF4D5CE} - C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll (Amazon.com)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Sascha Woitzik\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [Browser Infrastructure Helper] C:\Users\Sascha Woitzik\AppData\Local\Smartbar\Application\Linkury.exe (Smartbar)
O4 - HKCU..\Run: [RegistryBooster] "C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe" delay 20000  File not found
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Sascha Woitzik\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Sascha Woitzik\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1CEFB440-E21B-4211-B7BB-2665BB65E227}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41E8F965-45CA-46FB-9547-51F6AF3AFFA4}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C41EF39-D064-46DB-BB9C-9E9E909E30AE}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C0393F3D-1265-4DDA-9DC7-0820AB5D1FB2}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{01ecb426-c713-11df-a065-001e101fabdd}\Shell - "" = AutoRun
O33 - MountPoints2\{01ecb426-c713-11df-a065-001e101fabdd}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{70e6ee0b-0967-11e2-b118-c80aa9523be3}\Shell - "" = AutoRun
O33 - MountPoints2\{70e6ee0b-0967-11e2-b118-c80aa9523be3}\Shell\AutoRun\command - "" = G:\pushinst.exe
O33 - MountPoints2\{7b3d9bd2-e461-11df-831d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7b3d9bd2-e461-11df-831d-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{7b3d9c13-e461-11df-831d-c80aa9523be3}\Shell - "" = AutoRun
O33 - MountPoints2\{7b3d9c13-e461-11df-831d-c80aa9523be3}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{7b3d9c22-e461-11df-831d-c80aa9523be3}\Shell - "" = AutoRun
O33 - MountPoints2\{7b3d9c22-e461-11df-831d-c80aa9523be3}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{98a689ff-c425-11e0-95a5-c80aa9523be3}\Shell - "" = AutoRun
O33 - MountPoints2\{98a689ff-c425-11e0-95a5-c80aa9523be3}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{dbbb1aaf-c6fa-11df-be45-c80aa9523be3}\Shell - "" = AutoRun
O33 - MountPoints2\{dbbb1aaf-c6fa-11df-be45-c80aa9523be3}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{dbbb1ac0-c6fa-11df-be45-c80aa9523be3}\Shell - "" = AutoRun
O33 - MountPoints2\{dbbb1ac0-c6fa-11df-be45-c80aa9523be3}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{dbea8901-0c07-11e0-84fb-001e101f36d9}\Shell - "" = AutoRun
O33 - MountPoints2\{dbea8901-0c07-11e0-84fb-001e101f36d9}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{fc6706b2-d6e1-11df-b3f7-001e101f82a7}\Shell - "" = AutoRun
O33 - MountPoints2\{fc6706b2-d6e1-11df-b3f7-001e101f82a7}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: ezSharedSvc - C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk -  - File not found
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: AVMWlanClient - hkey= - key= - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin)
MsConfig:64bit - StartUpReg: BitTorrent - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Easybits Recovery - hkey= - key= - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
MsConfig:64bit - StartUpReg: EEventManager - hkey= - key= - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
MsConfig:64bit - StartUpReg: EPLTarget - hkey= - key= - Reg Error: Value error. File not found
MsConfig:64bit - StartUpReg: Facebook Update - hkey= - key= - C:\Users\Sascha Woitzik\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
MsConfig:64bit - StartUpReg: facemoods - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\Sascha Woitzik\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig:64bit - StartUpReg: Mobile Connection Manager - hkey= - key= - C:\Program Files (x86)\o2\Mobile Connection Manager\emmsn.exe (Telefónica I+D)
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Ocster Backup - hkey= - key= - C:\Program Files\Ocster Backup\bin\backupClient-ox.exe ()
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SynTPEnh - hkey= - key= - C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
MsConfig:64bit - StartUpReg: TkBellExe - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Windows Mobile Device Center - hkey= - key= - C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.15 19:31:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.15 19:31:51 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.01.15 19:30:59 | 000,000,000 | ---D | C] -- C:\Users\Sascha Woitzik\Desktop\Anti-Malware Pro Full Version From MaherHackers.Com
[2013.01.15 16:55:34 | 000,000,000 | ---D | C] -- C:\Users\Sascha Woitzik\AppData\Roaming\Spyware Terminator
[2013.01.15 16:55:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2013.01.15 16:55:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012
[2013.01.15 16:54:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Terminator
[2013.01.15 16:32:34 | 000,000,000 | ---D | C] -- C:\Users\Sascha Woitzik\AppData\Roaming\Malwarebytes
[2013.01.15 16:32:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.15 16:32:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.01.15 16:32:12 | 000,000,000 | ---D | C] -- C:\Users\Sascha Woitzik\AppData\Local\Programs
[2013.01.13 15:18:01 | 000,000,000 | ---D | C] -- C:\Users\Sascha Woitzik\Desktop\Hochzeit.vid
[2013.01.03 16:24:16 | 000,000,000 | ---D | C] -- C:\Users\Sascha Woitzik\AppData\Roaming\Systweak
[2013.01.03 16:24:14 | 000,020,488 | ---- | C] (Systweak Inc., (Systweak - Download Software utilities for Windows optimization, Scan & Clean Spyware for Free)) -- C:\Windows\SysNative\roboot64.exe
[2013.01.03 16:24:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
[2013.01.03 16:24:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegClean Pro
[2012.12.23 20:38:46 | 000,000,000 | ---D | C] -- C:\Users\Sascha Woitzik\AppData\Local\Apps
[2012.12.23 20:02:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon Browser Bar
[2012.12.23 19:41:08 | 000,000,000 | ---D | C] -- C:\Users\Sascha Woitzik\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.12.23 19:40:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012.12.23 19:40:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2012.12.23 19:40:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2012.12.22 22:37:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012.12.19 22:01:55 | 000,000,000 | ---D | C] -- C:\inetpub
[2012.12.17 21:19:40 | 000,000,000 | ---D | C] -- C:\Users\Sascha Woitzik\AppData\Local\Smartbar
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.15 20:17:01 | 000,001,126 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.15 19:49:01 | 000,001,156 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2659224977-2835993714-2068490527-1000UA.job
[2013.01.15 19:33:40 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.15 19:33:40 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.15 19:32:50 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.15 19:26:20 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.15 19:26:16 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2013.01.15 19:25:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.15 19:25:08 | 3218,239,488 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.15 18:23:03 | 000,001,174 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2659224977-2835993714-2068490527-1000UA.job
[2013.01.15 18:11:08 | 001,407,738 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.15 18:11:08 | 000,616,514 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.15 18:11:08 | 000,580,712 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.15 18:11:08 | 000,122,226 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.15 18:11:08 | 000,098,608 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.15 17:48:57 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2013.01.15 17:48:57 | 000,000,294 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2013.01.15 16:32:10 | 000,634,272 | ---- | M] () -- C:\Users\Sascha Woitzik\Desktop\pcp_claro.exe
[2013.01.03 16:24:13 | 000,001,014 | ---- | M] () -- C:\Users\Public\Desktop\RegClean Pro.lnk
[2013.01.01 18:32:40 | 000,020,488 | ---- | M] (Systweak Inc., (Systweak - Download Software utilities for Windows optimization, Scan & Clean Spyware for Free)) -- C:\Windows\SysNative\roboot64.exe
[2012.12.31 02:49:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2659224977-2835993714-2068490527-1000Core.job
[2012.12.26 00:23:02 | 000,001,152 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2659224977-2835993714-2068490527-1000Core.job
[2012.12.23 19:41:00 | 000,001,266 | ---- | M] () -- C:\Users\Sascha Woitzik\Desktop\Free YouTube Download.lnk
[2012.12.21 01:23:20 | 000,442,880 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.19 22:11:25 | 000,002,163 | ---- | M] () -- C:\Users\Sascha Woitzik\Documents\Mein Film.wlmp
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.15 19:31:53 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.15 16:31:59 | 000,634,272 | ---- | C] () -- C:\Users\Sascha Woitzik\Desktop\pcp_claro.exe
[2013.01.03 16:24:26 | 000,000,294 | ---- | C] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2013.01.03 16:24:25 | 000,000,302 | ---- | C] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2013.01.03 16:24:13 | 000,001,014 | ---- | C] () -- C:\Users\Public\Desktop\RegClean Pro.lnk
[2012.12.23 19:41:00 | 000,001,266 | ---- | C] () -- C:\Users\Sascha Woitzik\Desktop\Free YouTube Download.lnk
[2012.12.20 00:59:31 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.12.20 00:57:54 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.12.19 22:11:25 | 000,002,163 | ---- | C] () -- C:\Users\Sascha Woitzik\Documents\Mein Film.wlmp
[2012.08.31 23:14:19 | 000,270,240 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.08.31 23:14:17 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.04.27 21:17:22 | 000,005,082 | ---- | C] () -- C:\ProgramData\ojobkspa.ako
[2012.02.18 13:49:47 | 000,004,910 | ---- | C] () -- C:\ProgramData\qjaxlkio.dss
[2011.11.22 18:53:41 | 000,000,000 | ---- | C] () -- C:\Users\Sascha Woitzik\AppData\Roaming\wklnhst.dat
[2011.10.23 11:55:15 | 000,007,611 | ---- | C] () -- C:\Users\Sascha Woitzik\AppData\Local\resmon.resmoncfg
[2011.06.23 16:09:12 | 000,000,000 | ---- | C] () -- C:\Users\Sascha Woitzik\AppData\Local\{2DD63690-8119-4FDE-BFB8-C264CDD02BE8}
[2011.05.04 11:10:17 | 000,000,000 | ---- | C] () -- C:\Users\Sascha Woitzik\AppData\Local\{9A9A0280-8A70-4483-896B-EBF5B0736E92}
[2011.03.22 11:46:31 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.03.22 11:34:31 | 000,003,584 | ---- | C] () -- C:\Users\Sascha Woitzik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.09 08:14:26 | 000,001,854 | ---- | C] () -- C:\Users\Sascha Woitzik\AppData\Roaming\GhostObjGAFix.xml
[2011.01.31 18:13:46 | 006,814,952 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2010.12.26 18:36:43 | 000,020,662 | ---- | C] () -- C:\Users\Sascha Woitzik\AppData\Roaming\UserTile.png
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.09.20 22:51:47 | 000,000,000 | ---D | M] -- C:\Users\Sascha Woitzik\AppData\Roaming\Amazon
[2011.10.06 11:46:20 | 000,000,000 | ---D | M] -- C:\Users\Sascha Woitzik\AppData\Roaming\AntiBrowserSpy 2009
[2010.11.30 15:49:24 | 000,000,000 | ---D | M] -- C:\Users\Sascha Woitzik\AppData\Roaming\BitTorrent
[2012.05.07 09:31:18 | 000,000,000 | ---D | M] -- C:\Users\Sascha Woitzik\AppData\Roaming\CheckPoint
[2011.11.23 13:50:58 | 000,000,000 | ---D | M] -- C:\Users\Sascha Woitzik\AppData\Roaming\COMPUTERBILD-Abzockschutz
[2012.12.26 22:13:20 | 000,000,000 | ---D | M] -- C:\Users\Sascha Woitzik\AppData\Roaming\DVDVideoSoft
[2012.12.23 19:41:08 | 000,000,000 | ---D | M] -- C:\Users\Sascha Woitzik\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.12.01 18:53:38 | 000,000,000 | ---D | M] -- C:\Users\Sascha Woitzik\AppData\Roaming\EPSON
[2012.12.19 22:09:45 | 000,000,000 | ---D | M] -- C:\Users\Sascha Woitzik\AppData\Roaming\FreeVideoConverter
[2011.11.08 23:08:31 | 000,000,000 | ---D | M] -- C:\Users\Sascha Woitzik\AppData\Roaming\GlarySoft
[2011.04.12 12:49:34 | 000,000,000 | ---D | M] -- C:\Users\Sascha Woitzik\AppData\Roaming\Groove Games
[2011.10.03 16:48:34 | 000,000,000 | ---D | M] -- C:\Users\Sascha Woitzik\AppData\Roaming\Intermedia Software
[2010.09.24 19:58:47 | 000,000,000 | ---D | M] -- C:\Users\Sascha Woitzik\AppData\Roaming\Lunascape
[2011.04.09 18:40:06 | 000,000,000 | ---D | M] -- C:\Users\Sascha Woitzik\AppData\Roaming\MAGIX
[2011.03.22 12:41:46 | 000,000,000 | ---D | M] -- C:\Users\Sascha Woitzik\AppData\Roaming\MAXON
[2012.02.18 14:39:27 | 000,000,000 | ---D | M] -- C:\Users\Sascha Woitzik\AppData\Roaming\MOVAVI
[2012.09.01 00:57:43 | 000,000,000 | ---D | M] -- C:\Users\Sascha Woitzik\AppData\Roaming\Need for Speed World
[2012.12.23 19:40:47 | 000,000,000 | ---D | M] -- C:\Users\Sascha Woitzik\AppData\Roaming\OpenCandy
[2011.10.14 12:25:37 | 000,000,000 | ---D | M] -- C:\Users\Sascha Woitzik\AppData\Roaming\OpenOffice.org
[2013.01.15 16:55:34 | 000,000,000 | ---D | M] -- C:\Users\Sascha Woitzik\AppData\Roaming\Spyware Terminator
[2013.01.15 17:47:33 | 000,000,000 | ---D | M] -- C:\Users\Sascha Woitzik\AppData\Roaming\Systweak
[2010.10.13 21:01:02 | 000,000,000 | ---D | M] -- C:\Users\Sascha Woitzik\AppData\Roaming\Telefónica
[2011.11.22 18:53:46 | 000,000,000 | ---D | M] -- C:\Users\Sascha Woitzik\AppData\Roaming\Template
[2012.05.22 12:10:43 | 000,000,000 | ---D | M] -- C:\Users\Sascha Woitzik\AppData\Roaming\TuneUp Software
[2011.07.13 15:25:47 | 000,000,000 | ---D | M] -- C:\Users\Sascha Woitzik\AppData\Roaming\Unity
[2012.04.19 08:57:57 | 000,000,000 | ---D | M] -- C:\Users\Sascha Woitzik\AppData\Roaming\wargaming.net
[2011.05.27 12:19:22 | 000,000,000 | ---D | M] -- C:\Users\Sascha Woitzik\AppData\Roaming\WildTangent
[2010.09.23 13:52:27 | 000,000,000 | ---D | M] -- C:\Users\Sascha Woitzik\AppData\Roaming\_MDLogs
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.12.05 19:09:51 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.10.29 09:54:14 | 000,000,000 | ---D | M] -- C:\AeriaGames
[2009.11.15 04:51:30 | 000,000,000 | -HSD | M] -- C:\boot
[2013.01.15 17:56:00 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.09.23 11:13:53 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.04.19 07:56:54 | 000,000,000 | ---D | M] -- C:\Games
[2011.10.29 09:54:14 | 000,000,000 | -H-D | M] -- C:\HP
[2012.12.21 01:40:14 | 000,000,000 | ---D | M] -- C:\inetpub
[2011.10.29 09:54:33 | 000,000,000 | ---D | M] -- C:\Lukas
[2011.10.29 09:54:14 | 000,000,000 | ---D | M] -- C:\meine  mucke
[2011.10.29 09:54:14 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.12.21 01:40:51 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.01.15 17:47:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)
[2013.01.15 19:26:47 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.09.23 11:13:53 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.09.23 11:15:01 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.10.29 09:54:15 | 000,000,000 | ---D | M] -- C:\SwSetup
[2013.01.15 20:21:32 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.10.29 09:54:15 | 000,000,000 | -H-D | M] -- C:\SYSTEM.SAV
[2012.12.15 20:05:44 | 000,000,000 | R--D | M] -- C:\Users
[2013.01.15 17:48:38 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.10.04 20:21:23 | 000,001,104 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2659224977-2835993714-2068490527-1000Core.job
[2010.10.04 20:21:24 | 000,001,156 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2659224977-2835993714-2068490527-1000UA.job
[2010.12.18 10:36:29 | 000,001,122 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2010.12.18 10:36:30 | 000,001,126 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2011.09.15 20:13:28 | 000,001,152 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2659224977-2835993714-2068490527-1000Core.job
[2011.09.15 20:13:29 | 000,001,174 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2659224977-2835993714-2068490527-1000UA.job
[2011.11.08 23:06:36 | 000,000,344 | ---- | C] () -- C:\Windows\Tasks\GlaryInitialize.job
[2012.12.05 16:23:43 | 000,000,368 | ---- | C] () -- C:\Windows\Tasks\HPCeeScheduleForSascha Woitzik.job
[2013.01.03 16:24:25 | 000,000,302 | ---- | C] () -- C:\Windows\Tasks\RegClean Pro_UPDATES.job
[2013.01.03 16:24:26 | 000,000,294 | ---- | C] () -- C:\Windows\Tasks\RegClean Pro_DEFAULT.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.05.17 21:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: EXPLORER.EXE  >
[2010.04.08 10:23:05 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010.04.08 10:23:05 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2010.04.08 10:23:05 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2008.04.29 16:42:08 | 000,090,624 | ---- | M] () MD5=FBB39A4487E11F64DCFFD36AEC2D2216 -- C:\Program Files\CheckPoint\ZAForceField\Heuristics\explorer.exe
[2010.04.08 10:23:05 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
[2008.07.01 14:17:12 | 000,090,624 | ---- | M] () MD5=FBB39A4487E11F64DCFFD36AEC2D2216 -- C:\Program Files\CheckPoint\ZAForceField\Heuristics\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 02:15:20 | 000,380,957 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\expsrv.dll
[2011.03.11 06:33:59 | 001,137,664 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\mfc42.dll
[2009.07.14 02:15:50 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\msvbvm60.dll
[2011.06.11 01:58:52 | 000,421,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\msvcp100.dll
[2009.07.14 02:15:50 | 000,406,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\msvcp60.dll
[2011.06.11 01:58:52 | 000,773,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\msvcr100.dll
 
< %USERPROFILE%\*.* >
[2013.01.15 20:36:31 | 004,718,592 | -HS- | M] () -- C:\Users\Sascha Woitzik\ntuser.dat
[2013.01.15 20:36:31 | 000,262,144 | -HS- | M] () -- C:\Users\Sascha Woitzik\ntuser.dat.LOG1
[2010.09.23 11:14:05 | 000,000,000 | -HS- | M] () -- C:\Users\Sascha Woitzik\ntuser.dat.LOG2
[2010.09.23 14:03:07 | 000,065,536 | -HS- | M] () -- C:\Users\Sascha Woitzik\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010.09.23 14:03:07 | 000,524,288 | -HS- | M] () -- C:\Users\Sascha Woitzik\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010.09.23 14:03:07 | 000,524,288 | -HS- | M] () -- C:\Users\Sascha Woitzik\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2013.01.15 17:48:51 | 000,065,536 | -HS- | M] () -- C:\Users\Sascha Woitzik\ntuser.dat{11224bfd-5f32-11e2-922c-ead912f396f0}.TM.blf
[2013.01.15 17:48:51 | 000,524,288 | -HS- | M] () -- C:\Users\Sascha Woitzik\ntuser.dat{11224bfd-5f32-11e2-922c-ead912f396f0}.TMContainer00000000000000000001.regtrans-ms
[2013.01.15 17:48:51 | 000,524,288 | -HS- | M] () -- C:\Users\Sascha Woitzik\ntuser.dat{11224bfd-5f32-11e2-922c-ead912f396f0}.TMContainer00000000000000000002.regtrans-ms
[2010.09.23 11:14:05 | 000,000,020 | -HS- | M] () -- C:\Users\Sascha Woitzik\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >

< End of report >
         

15.01.2013, 20:40   #4
Sascha2603

Help Trojan.agent



OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 15.01.2013 20:18:42 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sascha Woitzik\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,98 Gb Available Physical Memory | 49,52% Memory free
7,99 Gb Paging File | 5,56 Gb Available in Paging File | 69,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,00 Gb Total Space | 188,57 Gb Free Space | 41,72% Space Free | Partition Type: NTFS
Drive D: | 13,46 Gb Total Space | 2,24 Gb Free Space | 16,60% Space Free | Partition Type: NTFS
Drive E: | 99,02 Mb Total Space | 95,56 Mb Free Space | 96,50% Space Free | Partition Type: FAT32
 
Computer Name: MAUSI | User Name: Sascha Woitzik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1EC7E80A-9281-4899-8841-8BA5E3BB165D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{21EB2CFA-E9EB-4FB1-ACB3-5052A3A2919E}" = lport=137 | protocol=17 | dir=in | app=system | 
"{2B14B783-7A06-405C-9304-95942ECC06B9}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{2E1898DE-E413-420C-A690-824D4F6009AC}" = rport=445 | protocol=6 | dir=out | app=system | 
"{3256ADC9-54DE-41EA-A2A9-CE4EBE7DFBC3}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{34B6A86A-7E83-475C-9809-0C2A4A434BD7}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{388081B0-6244-4EA8-BBBD-526CBCDA153E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{392555EF-58D3-444C-8BE2-9FC990EEE004}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{3D9552EE-C824-4443-B930-FD8EF24C0CF3}" = rport=138 | protocol=17 | dir=out | app=system | 
"{50089B15-0ED3-463F-800E-EE22B8A8752C}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{5B6BF893-88AC-4CAB-BF8C-198F20ABDF92}" = lport=138 | protocol=17 | dir=in | app=system | 
"{5C787E58-408C-4A76-8ADC-08812607F9D3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{67FDCBF9-AC91-4D18-A676-25BB0B1E8BD6}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{71113E5A-54BE-4124-8981-C190D3CF7C4F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{723DB24B-C73E-4E89-B373-F40216F162B4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{74FF84C5-9DFD-412C-B945-38758A6508BA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{84A15166-39EC-4CC1-A254-C4E990307AAA}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{861283B9-2DE4-4757-96C5-026924DC0E09}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A72EAC58-6983-4FAB-9021-51D984F9E075}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{AE98BFC6-33BC-4149-A530-D0F4B5E2F715}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C9EB6814-BD9D-48BB-9D34-CF527CBC4E5B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CDC27DB6-9466-450C-A35B-2AE2A4E4BC63}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D046365E-385F-48EA-8EFF-529BA266E17B}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{D6EE5CDA-2BFF-4D74-A7F8-62395809B96B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E01BC4E6-5660-4D24-B1FD-AFB8A1A2B334}" = rport=139 | protocol=6 | dir=out | app=system | 
"{E03E31B2-18AB-4A20-A071-423F8F772E41}" = lport=139 | protocol=6 | dir=in | app=system | 
"{E1BCC932-38B8-4C57-A9CB-D0825445A7C1}" = rport=137 | protocol=17 | dir=out | app=system | 
"{E5A4AB87-BDFA-450C-974F-7BE596B0C994}" = lport=445 | protocol=6 | dir=in | app=system | 
"{E5E60B3C-DEAA-4DDE-8B5B-8EC65D52533E}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{EA2EF850-F06A-4EE3-935A-D7EE00C073B3}" = lport=49163 | protocol=6 | dir=in | name=akamai netsession interface | 
"{FE24195A-D178-464F-BEE5-43FF2807524E}" = lport=10243 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01D5AC12-E9CE-4EAC-B2A2-6E1D1447046C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{10521175-AE32-40AD-A674-A8A4A0D6927F}" = dir=in | app=c:\users\sascha woitzik\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{1336A1D8-032F-4DA2-AE71-99E366AE97E1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{1B7ABCE9-9015-4FC8-899D-2048BE3DFF3A}" = protocol=6 | dir=out | app=system | 
"{1F7F739C-A847-4280-86BA-86FE6EE5EBC9}" = protocol=17 | dir=in | app=c:\users\sascha woitzik\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{261807B7-1484-4AE4-B117-37BFA84CF61D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3CA0B378-A8F5-4347-AEE3-1FFE8D23E554}" = protocol=6 | dir=in | app=c:\users\sascha woitzik\appdata\local\akamai\netsession_win.exe | 
"{45172884-8F9B-4453-AE96-72E7A573D843}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{47A7EF1B-CB35-4336-A4D7-59D25A4EE06A}" = protocol=6 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe | 
"{48B8F4C0-677C-4BAC-98D6-89957F29C9C8}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{4CCDC386-8D9B-43E1-A394-6D42D83311F2}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | 
"{5881D522-A959-453A-AB17-834C99E07D57}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{5C262451-2ECB-4E11-935F-74F9FF234C8D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{5FA4A8CB-E2A3-4DBD-9598-E1A0F90BBBF7}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{5FAECE93-1A12-4C5D-B957-02C0E0ECD789}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6A2191D6-34D1-4E01-90EF-80565FDB7745}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{6C45A6DD-9F04-45AD-BB94-2BCE811CA8CC}" = protocol=6 | dir=in | app=c:\users\sascha woitzik\appdata\local\akamai\netsession_win.exe | 
"{70CF7A90-46A8-44F7-9D14-93FA18532AF8}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | 
"{7B974A28-139D-49DF-AC69-D89138D04F4A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{82940AFD-EAE8-424D-8865-4B059A37191A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{86750845-4D54-42F1-B27A-28D0DAD9E3F7}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{89D4BBF5-712C-4635-A606-9895E3F62101}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8E9E8D5F-10D1-44BD-B6D4-21C21C8A813D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8ED3957B-2979-462C-9348-A6F9BDB4B0B3}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{94ECEA5E-BEE0-4A51-9D7D-0B6EEA539A85}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{96F5DE97-5C99-46D3-9DC4-C85A795698E1}" = protocol=17 | dir=in | app=c:\users\sascha woitzik\appdata\local\akamai\netsession_win.exe | 
"{9BD3A94A-A9E8-48E6-A75D-59E5F4DA6F61}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{9C24D91B-3A6E-40A9-99FF-15C7EA717D0F}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{A69E9FF1-8D9E-4DCF-9098-51C2530DCB64}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{A6BD474F-8161-46BF-8395-10295A812E6D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{A82D6A26-E998-4C86-914E-3E882EAC6B63}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{AF9C3847-1339-4B85-A35D-0331BE975AFD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B70778F6-99B1-4489-B066-033CA19B2E2C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BDA5DB45-0B8C-4284-ADB7-B036294A5BFE}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{C0ACF06E-8241-4C1D-8E15-4E1AB42F9068}" = protocol=6 | dir=in | app=c:\users\sascha woitzik\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{C3F6224D-5E5D-497E-A57D-843D4431B62E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{C57B1BFE-EC54-45AD-9D6B-7745AFD0E4D0}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{C82F5E76-1BC6-416E-B5C5-58FCE4E25D07}" = protocol=17 | dir=in | app=c:\users\sascha woitzik\appdata\local\akamai\netsession_win.exe | 
"{D0F48FC1-9AEE-4C19-8C97-4631EDF08FD6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{D1C5427C-52C8-42C0-8452-280CB8BE0A20}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D220309F-6227-4A1B-A49E-DC5850B35FB1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{D3C23BD9-35AD-4537-AF9C-BEA2072C94F8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{DCE43C04-1E95-48F1-BA6E-34B659552A3D}" = protocol=17 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe | 
"{DD5CC35C-927A-4D7C-B043-EC4244A87BE3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E5257CD5-88B8-469D-B4C6-564932E42075}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | 
"{F063CC6C-9334-498C-9841-DECFC79F9EF1}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{F461EE7F-E2C8-409C-924F-C0B4308CC277}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86416031FF}" = Java(TM) 6 Update 31 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{64A3A4F4-B792-11D6-A78A-00B0D0160150}" = Java(TM) SE Development Kit 6 Update 15 (64-bit)
"{64A3A4F4-B792-11D6-A78A-00B0D0160310}" = Java(TM) SE Development Kit 6 Update 31 (64-bit)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{902004C7-2B12-4A4F-E1DB-E75C7B03EDD4}" = ATI Catalyst Install Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{E787AC54-0E56-A6DF-7BDB-AAC360813B6C}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Amazon Browser Bar" = Amazon Browser Bar
"CCleaner" = CCleaner
"EPSON XP-402 403 405 406 Series" = Druckerdeinstallation für EPSON XP-402 403 405 406 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Ocster Backup" = Ocster Backup Pro
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0868BCEA-C983-1450-3ACB-79411138ACB0}" = Catalyst Control Center Core Implementation
"{09DCFE29-8D58-4D3A-A202-3FD8570F6CB9}" = MD86364 Driver Install  x64
"{0FA359BD-666B-5135-B712-852F21504E96}" = Catalyst Control Center Graphics Previews Vista
"{152C18DA-4270-FAF2-DE48-8A7286BD1FB1}" = CCC Help Japanese
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21B5704D-788D-F083-A5E0-94B0390889F5}" = Catalyst Control Center InstallProxy
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2FC32740-5BF8-F11E-1257-80A41497B9F1}" = Catalyst Control Center Graphics Light
"{30E01116-5666-4807-8EF1-D80E9FF16717}" = Epson Easy Photo Print 2
"{31877B1E-6950-4E76-BBE7-ACD612586F8E}" = MAGIX Screenshare
"{337E0592-9B00-AF1D-B10C-16225B981C96}" = CCC Help Thai
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{36214841-EA3C-DA47-7F29-E6A16231702E}" = CCC Help Dutch
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A3A3B34-6EA2-4031-8580-D66D29533E89}" = Download Navigator
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BC080DE-CF23-E18E-0678-47CA2E70C1CD}" = Catalyst Control Center Graphics Full New
"{3E0E4F57-8FE0-4812-840B-56EB8CC3DB7B}" = MAGIX Online Druck Service
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{43BA31BA-04BD-2EA3-0A60-A9C54E06D3F2}" = muvee Reveal
"{43D16DA8-BF42-3C62-89D3-3AD47829DC2E}" = Google Talk Plugin
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{47365A91-7A32-5C08-927C-17F27D9F0E50}" = Catalyst Control Center Graphics Previews Common
"{47BD6184-519F-C649-6A5C-58234406B62C}" = CCC Help Italian
"{4B33371A-C04F-48D3-980C-285369ECD634}" = ZoneAlarm Firewall
"{4B57F6F3-5577-7158-A8F7-9E71547F8B7C}" = CCC Help Finnish
"{5271C0D4-24E4-4C3D-A782-C012033FD3CF}" = AMD USB Filter Driver
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{5708788D-EC95-7D4A-C0D8-CB393C9E90AC}" = CCC Help Hungarian
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{675ABEBC-DBA1-FF26-52BF-697FF5012CA1}" = CCC Help Spanish
"{68910580-F9FF-91E0-8AFE-86D49DD07AE4}" = CCC Help Russian
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B57CF04-5182-9DED-CCD4-84DAC76784D4}" = CCC Help Swedish
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71B7E1DE-4913-5E2E-2B83-B90C3BB308BA}" = ccc-core-static
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7DA2FB1E-31A5-54A6-91AC-9EDCA6258F40}" = CCC Help French
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8CF3206B-6330-42D6-B35E-CA7098337CB8}_is1" = Helium Audio Converter (build 215)
"{8DF8417C-07F9-22AA-019E-7F761437BFAC}" = CCC Help Polish
"{8EA6A274-9C75-40B4-991F-01482D89D1A7}" = Linkury Smartbar
"{90E03F32-42EC-A16D-8146-A4E2F0FC9588}" = CCC Help English
"{91B36C7F-0796-5A98-D1BA-C29C8D24396F}" = CCC Help Portuguese
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3318E1-5A9F-4A95-A7A1-7E045403AE34}" = HP User Guides 0148
"{A0A47CD2-749A-97BD-C4AE-862EFA38CAC1}" = CCC Help Danish
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A44CD09A-6D0F-08EC-8B80-6FD5EF62598B}" = CCC Help Czech
"{A5786D80-1FAE-577A-C448-9C61274E9F7B}" = CCC Help Turkish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{AF6B5CC8-55F5-55BC-2E2A-2B192EA79E16}" = CCC Help Greek
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B7A9DB0D-DA3A-4E0E-A97A-6808084E2AC6}" = MAGIX Foto Manager 10
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD9D3895-39C1-464E-9E5E-F47DAE03E513}" = ZoneAlarm Antivirus
"{BECE9CCD-83F6-4BAA-9B26-227DF7D2E932}" = Epson Event Manager
"{C2AFB298-CD06-BCF0-16CD-FB506E07B262}" = CCC Help Norwegian
"{C2FFBCE8-3A0D-154C-EE84-47B189E79D60}" = CCC Help German
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C4C255FE-BE15-4C06-AAD9-A08F2DBB2E39}" = ZoneAlarm Security
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB71B7E6-3156-2DB6-3800-6B853D5D6EF6}" = Catalyst Control Center Graphics Full Existing
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D8029B62-C3D6-E02D-A98E-07AFEA8CDF79}" = Catalyst Control Center Localization All
"{E0897770-46C9-4322-AD44-8BFA6BE217B2}" = Catalyst Control Center - Branding
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EC1F6690-DE55-4B9E-C556-EE1558EAB7A5}" = CCC Help Chinese Standard
"{EC83C809-3943-830A-ED5C-C569267E4804}" = CCC Help Korean
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F696BBD9-A383-4F54-155B-451A15482C89}" = CCC Help Chinese Traditional
"{F78B5B4F-075A-4C81-AA27-E707861EB5B7}_is1" = AntiBrowserSpy
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{FF2A5498-4EFE-430F-A138-7EB365DBEBAD}" = Adobe Shockwave Player 11.6
"7-Zip" = 7-Zip 4.65
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akamai" = Akamai NetSession Interface Service
"AVMWLANCLI" = AVM FRITZ!WLAN
"Bass Audio Decoder" = Bass Audio Decoder (remove only)
"CD Audio Reader Filter" = CD Audio Reader Filter (remove only)
"DCoder Image Source" = DCoder Image Source (remove only)
"DirectVobSub" = DirectVobSub (remove only)
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"EasyBits Magic Desktop" = Magic Desktop
"EPSON Scanner" = EPSON Scan
"EPSON XP-402 403 405 406 Series Bog" = Benutzerhandbuch - Grundlagen EPSON XP-402 403 405 406 Series
"EPSON XP-402 403 405 406 Series Netg" = Netzwerkhandbuch EPSON XP-402 403 405 406 Series
"EPSON XP-402 403 405 406 Series Useg" = Benutzerhandbuch EPSON XP-402 403 405 406 Series
"ffdshow_is1" = ffdshow [rev 3124] [2009-11-03]
"FFMPEG Core Files" = FFMPEG Core Files (remove only)
"Free Video Converter_is1" = Free Video Converter V 3.1
"Free YouTube Download_is1" = Free YouTube Download version 3.1.42.1212
"Gabest MPEG Splitter" = Gabest MPEG Splitter (remove only)
"Glary Utilities_is1" = Glary Utilities 2.40.0.1326
"HUAWEI DataCard Driver" = HUAWEI DataCard Driver 3.10.02.00
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{09DCFE29-8D58-4D3A-A202-3FD8570F6CB9}" = MD86364 Driver Install  x64
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"MAGIX Music Maker 16 Download-Version D" = MAGIX Music Maker 16 Download-Version
"MAGIX Screenshare D" = MAGIX Screenshare
"MAGIX_MSI_Foto_Manager_10" = MAGIX Foto Manager 10
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mobile Partner" = Mobile Partner
"MONOGRAM AMR Splitter/Decoder" = MONOGRAM AMR Splitter/Decoder (remove only)
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NIS" = Norton Internet Security
"o2DE" = Mobile Connection Manager
"OpenSource AVI Splitter" = OpenSource AVI Splitter (remove only)
"OpenSource DTS/AC3/DD+ Source Filter" = OpenSource DTS/AC3/DD+ Source Filter (remove only)
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only)
"PunkBusterSvc" = PunkBuster Services
"RealMedia" = RealMedia (remove only)
"RegClean Pro_is1" = RegClean Pro
"Secunia PSI" = Secunia PSI (2.0.0.3003)
"SHOUTcast Source" = SHOUTcast Source (remove only)
"VLC media player" = VLC media player 2.0.1
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"ZoneAlarm Free Antivirus + Firewall" = ZoneAlarm Free Antivirus + Firewall
"ZoneAlarm Security Toolbar" = ZoneAlarm Security Toolbar 
"ZoomPlayer" = Zoom Player (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 22.11.2011 09:49:15 | Computer Name = Mausi | Source = Windows Search Service | ID = 3028
Description = 
 
Error - 22.11.2011 09:49:15 | Computer Name = Mausi | Source = Windows Search Service | ID = 3058
Description = 
 
Error - 22.11.2011 09:49:15 | Computer Name = Mausi | Source = Windows Search Service | ID = 7010
Description = 
 
Error - 22.11.2011 10:05:35 | Computer Name = Mausi | Source = MsiInstaller | ID = 11719
Description = 
 
Error - 22.11.2011 17:42:25 | Computer Name = Mausi | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Sascha
 Woitzik\Downloads\SoftonicDownloader_fuer_openoffice.exe". Fehler in  Manifest- oder
 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 23.11.2011 07:46:57 | Computer Name = Mausi | Source = System Restore | ID = 8214
Description = 
 
Error - 23.11.2011 07:48:25 | Computer Name = Mausi | Source = System Restore | ID = 8210
Description = 
 
Error - 23.11.2011 07:58:45 | Computer Name = Mausi | Source = System Restore | ID = 8210
Description = 
 
Error - 23.11.2011 08:03:38 | Computer Name = Mausi | Source = System Restore | ID = 8210
Description = 
 
Error - 23.11.2011 08:10:55 | Computer Name = Mausi | Source = System Restore | ID = 8210
Description = 
 
[ Hewlett-Packard Events ]
Error - 09.08.2012 03:53:49 | Computer Name = Mausi | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 15.08.2012 16:07:02 | Computer Name = Mausi | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 4092  Ram Utilization: 40  TargetSite: Void UpdateAndDetect()  
 
Error - 22.08.2012 10:41:59 | Computer Name = Mausi | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 4092  Ram Utilization: 50  TargetSite: Void UpdateAndDetect()  
 
Error - 29.08.2012 18:00:09 | Computer Name = Mausi | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 4092  Ram Utilization: 50  TargetSite: Void UpdateAndDetect()  
 
Error - 05.09.2012 15:49:55 | Computer Name = Mausi | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 4092  Ram Utilization: 50  TargetSite: Void UpdateAndDetect()  
 
Error - 12.09.2012 09:26:46 | Computer Name = Mausi | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 4092  Ram Utilization:   TargetSite: Void UpdateAndDetect()  
 
Error - 19.09.2012 17:44:10 | Computer Name = Mausi | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 4092  Ram Utilization: 50  TargetSite: Void UpdateAndDetect()  
 
Error - 26.09.2012 11:34:41 | Computer Name = Mausi | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 4092  Ram Utilization: 50  TargetSite: Void UpdateAndDetect()  
 
Error - 05.10.2012 04:33:27 | Computer Name = Mausi | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 4092  Ram Utilization: 40  TargetSite: Void UpdateAndDetect()  
 
Error - 10.10.2012 11:11:19 | Computer Name = Mausi | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 4092  Ram Utilization: 60  TargetSite: Void UpdateAndDetect()  
 
[ Media Center Events ]
Error - 05.05.2011 15:34:31 | Computer Name = Mausi | Source = MCUpdate | ID = 0
Description = 21:34:31 - Fehler beim Herstellen der Internetverbindung.  21:34:31 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 05.05.2011 15:34:39 | Computer Name = Mausi | Source = MCUpdate | ID = 0
Description = 21:34:36 - Fehler beim Herstellen der Internetverbindung.  21:34:36 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 05.05.2011 16:34:44 | Computer Name = Mausi | Source = MCUpdate | ID = 0
Description = 22:34:44 - Fehler beim Herstellen der Internetverbindung.  22:34:44 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 05.05.2011 16:34:50 | Computer Name = Mausi | Source = MCUpdate | ID = 0
Description = 22:34:49 - Fehler beim Herstellen der Internetverbindung.  22:34:49 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 05.05.2011 17:34:55 | Computer Name = Mausi | Source = MCUpdate | ID = 0
Description = 23:34:55 - Fehler beim Herstellen der Internetverbindung.  23:34:55 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 05.05.2011 17:35:01 | Computer Name = Mausi | Source = MCUpdate | ID = 0
Description = 23:35:00 - Fehler beim Herstellen der Internetverbindung.  23:35:00 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 21.05.2011 05:30:26 | Computer Name = Mausi | Source = MCUpdate | ID = 0
Description = 11:30:26 - Fehler beim Herstellen der Internetverbindung.  11:30:26 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 21.05.2011 05:31:01 | Computer Name = Mausi | Source = MCUpdate | ID = 0
Description = 11:30:56 - Fehler beim Herstellen der Internetverbindung.  11:30:56 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 21.05.2011 06:34:16 | Computer Name = Mausi | Source = MCUpdate | ID = 0
Description = 12:34:13 - Fehler beim Herstellen der Internetverbindung.  12:34:13 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 21.05.2011 06:35:27 | Computer Name = Mausi | Source = MCUpdate | ID = 0
Description = 12:34:51 - Fehler beim Herstellen der Internetverbindung.  12:34:51 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 15.01.2013 12:39:43 | Computer Name = Mausi | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 15.01.2013 12:39:55 | Computer Name = Mausi | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 15.01.2013 12:40:23 | Computer Name = Mausi | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 15.01.2013 12:40:52 | Computer Name = Mausi | Source = DCOM | ID = 10005
Description = 
 
Error - 15.01.2013 12:48:45 | Computer Name = Mausi | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 15.01.2013 12:49:28 | Computer Name = Mausi | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   BHDrvx64  SymIRON
 
Error - 15.01.2013 14:26:07 | Computer Name = Mausi | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?15.?01.?2013 um 19:23:32 unerwartet heruntergefahren.
 
Error - 15.01.2013 14:25:59 | Computer Name = Mausi | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 15.01.2013 14:26:00 | Computer Name = Mausi | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 15.01.2013 14:26:25 | Computer Name = Mausi | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   BHDrvx64  SymIRON
 
 
< End of report >
         

15.01.2013, 20:46   #5
markusg
/// Malware-holic

Hi,

This script, and any scripts that may follow, are intended only for this particular user.
If you have problems, open your own topic and wait for scripts tailored to you.


• Please start OTL.exe.
• Now copy the following into the text box.

Code:
:OTL
O33 - MountPoints2\{01ecb426-c713-11df-a065-001e101fabdd}\Shell - "" = AutoRun
O33 - MountPoints2\{01ecb426-c713-11df-a065-001e101fabdd}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{70e6ee0b-0967-11e2-b118-c80aa9523be3}\Shell - "" = AutoRun
O33 - MountPoints2\{70e6ee0b-0967-11e2-b118-c80aa9523be3}\Shell\AutoRun\command - "" = G:\pushinst.exe
O33 - MountPoints2\{7b3d9bd2-e461-11df-831d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7b3d9bd2-e461-11df-831d-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{7b3d9c13-e461-11df-831d-c80aa9523be3}\Shell - "" = AutoRun
O33 - MountPoints2\{7b3d9c13-e461-11df-831d-c80aa9523be3}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{7b3d9c22-e461-11df-831d-c80aa9523be3}\Shell - "" = AutoRun
O33 - MountPoints2\{7b3d9c22-e461-11df-831d-c80aa9523be3}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{98a689ff-c425-11e0-95a5-c80aa9523be3}\Shell - "" = AutoRun
O33 - MountPoints2\{98a689ff-c425-11e0-95a5-c80aa9523be3}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{dbbb1aaf-c6fa-11df-be45-c80aa9523be3}\Shell - "" = AutoRun
O33 - MountPoints2\{dbbb1aaf-c6fa-11df-be45-c80aa9523be3}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{dbbb1ac0-c6fa-11df-be45-c80aa9523be3}\Shell - "" = AutoRun
O33 - MountPoints2\{dbbb1ac0-c6fa-11df-be45-c80aa9523be3}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{dbea8901-0c07-11e0-84fb-001e101f36d9}\Shell - "" = AutoRun
O33 - MountPoints2\{dbea8901-0c07-11e0-84fb-001e101f36d9}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{fc6706b2-d6e1-11df-b3f7-001e101f82a7}\Shell - "" = AutoRun
O33 - MountPoints2\{fc6706b2-d6e1-11df-b3f7-001e101f82a7}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe
 :Files
:Commands
[EMPTYFLASH] 
[emptytemp]
         


• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.

__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please send mails according to the above instructions to
markusg.trojaner-board@web.de
If you would like to support us

15.01.2013, 21:05   #6
Sascha2603

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01ecb426-c713-11df-a065-001e101fabdd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01ecb426-c713-11df-a065-001e101fabdd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01ecb426-c713-11df-a065-001e101fabdd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01ecb426-c713-11df-a065-001e101fabdd}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{70e6ee0b-0967-11e2-b118-c80aa9523be3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70e6ee0b-0967-11e2-b118-c80aa9523be3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{70e6ee0b-0967-11e2-b118-c80aa9523be3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70e6ee0b-0967-11e2-b118-c80aa9523be3}\ not found.
File G:\pushinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b3d9bd2-e461-11df-831d-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b3d9bd2-e461-11df-831d-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b3d9bd2-e461-11df-831d-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b3d9bd2-e461-11df-831d-806e6f6e6963}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b3d9c13-e461-11df-831d-c80aa9523be3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b3d9c13-e461-11df-831d-c80aa9523be3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b3d9c13-e461-11df-831d-c80aa9523be3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b3d9c13-e461-11df-831d-c80aa9523be3}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b3d9c22-e461-11df-831d-c80aa9523be3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b3d9c22-e461-11df-831d-c80aa9523be3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b3d9c22-e461-11df-831d-c80aa9523be3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b3d9c22-e461-11df-831d-c80aa9523be3}\ not found.
File I:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{98a689ff-c425-11e0-95a5-c80aa9523be3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98a689ff-c425-11e0-95a5-c80aa9523be3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{98a689ff-c425-11e0-95a5-c80aa9523be3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98a689ff-c425-11e0-95a5-c80aa9523be3}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dbbb1aaf-c6fa-11df-be45-c80aa9523be3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dbbb1aaf-c6fa-11df-be45-c80aa9523be3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dbbb1aaf-c6fa-11df-be45-c80aa9523be3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dbbb1aaf-c6fa-11df-be45-c80aa9523be3}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dbbb1ac0-c6fa-11df-be45-c80aa9523be3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dbbb1ac0-c6fa-11df-be45-c80aa9523be3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dbbb1ac0-c6fa-11df-be45-c80aa9523be3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dbbb1ac0-c6fa-11df-be45-c80aa9523be3}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dbea8901-0c07-11e0-84fb-001e101f36d9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dbea8901-0c07-11e0-84fb-001e101f36d9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dbea8901-0c07-11e0-84fb-001e101f36d9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dbea8901-0c07-11e0-84fb-001e101f36d9}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc6706b2-d6e1-11df-b3f7-001e101f82a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc6706b2-d6e1-11df-b3f7-001e101f82a7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc6706b2-d6e1-11df-b3f7-001e101f82a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc6706b2-d6e1-11df-b3f7-001e101f82a7}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ not found.
File I:\AutoRun.exe not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Sascha Woitzik
->Flash cache emptied: 1351 bytes

User: _ocster_backup_

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Sascha Woitzik
->Temp folder emptied: 2234649 bytes
->Temporary Internet Files folder emptied: 19047416 bytes
->Java cache emptied: 250683 bytes
->FireFox cache emptied: 71940786 bytes
->Google Chrome cache emptied: 15766828 bytes
->Flash cache emptied: 0 bytes

User: _ocster_backup_
->Temp folder emptied: 1161400 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 22902144 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67765 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 751 bytes
RecycleBin emptied: 2529 bytes

Total Files Cleaned = 127,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01152013_215941

Files\Folders moved on Reboot...
C:\Users\Sascha Woitzik\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Sascha Woitzik\AppData\Local\Temp\~DF64F40511BD1572E0.TMP moved successfully.
C:\Windows\temp\ZLT02952.TMP moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

15.01.2013, 21:06   #7
markusg
/// Malware-holic

Hi,
download TDSSKiller:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- if anything is found, always choose Skip for now and post the log
Open c:, open tdsskiller-date-version.txt, post the contents

15.01.2013, 21:55   #8
Sascha2603

Say, can I do all of this in safe mode as well? Unfortunately nothing else works anymore??

15.01.2013, 21:57   #9
markusg
/// Malware-holic

What happens in normal mode?

15.01.2013, 22:01   #10
Sascha2603

So the killer found something, but how do I get to the logs?

In normal mode it does nothing... I click something and it loads and loads... I can't get online, nothing opens.

But it is all only medium risk, one hidden file and 3x unsigned files.

OKAY, normal mode is running!!

23:29:53.0536 5092 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
23:29:53.0848 5092 ============================================================
23:29:53.0848 5092 Current date / time: 2013/01/15 23:29:53.0848
23:29:53.0848 5092 SystemInfo:
23:29:53.0848 5092
23:29:53.0848 5092 OS Version: 6.1.7601 ServicePack: 1.0
23:29:53.0848 5092 Product type: Workstation
23:29:53.0864 5092 ComputerName: MAUSI
23:29:53.0864 5092 UserName: Sascha Woitzik
23:29:53.0864 5092 Windows directory: C:\Windows
23:29:53.0864 5092 System windows directory: C:\Windows
23:29:53.0864 5092 Running under WOW64
23:29:53.0864 5092 Processor architecture: Intel x64
23:29:53.0864 5092 Number of processors: 2
23:29:53.0864 5092 Page size: 0x1000
23:29:53.0864 5092 Boot type: Normal boot
23:29:53.0864 5092 ============================================================
23:29:57.0124 5092 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:29:57.0124 5092 ============================================================
23:29:57.0124 5092 \Device\Harddisk0\DR0:
23:29:57.0124 5092 MBR partitions:
23:29:57.0124 5092 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
23:29:57.0124 5092 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x38802000
23:29:57.0124 5092 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x38866000, BlocksNum 0x1AEC000
23:29:57.0124 5092 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
23:29:57.0124 5092 ============================================================
23:29:57.0155 5092 C: <-> \Device\Harddisk0\DR0\Partition2
23:29:57.0202 5092 D: <-> \Device\Harddisk0\DR0\Partition3
23:29:57.0218 5092 E: <-> \Device\Harddisk0\DR0\Partition4
23:29:57.0218 5092 ============================================================
23:29:57.0218 5092 Initialize success
23:29:57.0218 5092 ============================================================
23:30:11.0757 5216 ============================================================
23:30:11.0757 5216 Scan started
23:30:11.0757 5216 Mode: Manual; SigCheck; TDLFS;
23:30:11.0757 5216 ============================================================
23:30:13.0317 5216 ================ Scan system memory ========================
23:30:13.0317 5216 System memory - ok
23:30:13.0317 5216 ================ Scan services =============================
23:30:13.0535 5216 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
23:30:13.0832 5216 1394ohci - ok
23:30:14.0128 5216 [ B33CF4DE909A5B30F526D82053A63C8E ] ABBYY.Licensing.FineReader.Sprint.9.0 C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
23:30:14.0206 5216 ABBYY.Licensing.FineReader.Sprint.9.0 - ok
23:30:14.0269 5216 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
23:30:14.0315 5216 ACPI - ok
23:30:14.0362 5216 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
23:30:14.0487 5216 AcpiPmi - ok
23:30:14.0581 5216 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
23:30:14.0643 5216 AdobeARMservice - ok
23:30:14.0799 5216 AdobeFlashPlayerUpdateSvc - ok
23:30:14.0877 5216 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
23:30:14.0955 5216 adp94xx - ok
23:30:15.0017 5216 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
23:30:15.0095 5216 adpahci - ok
23:30:15.0111 5216 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
23:30:15.0142 5216 adpu320 - ok
23:30:15.0173 5216 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
23:30:15.0376 5216 AeLookupSvc - ok
23:30:15.0501 5216 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
23:30:15.0610 5216 AESTFilters - ok
23:30:15.0673 5216 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
23:30:15.0782 5216 AFD - ok
23:30:15.0891 5216 [ 98022774D9930ECBB292E70DB7601DF6 ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys
23:30:16.0016 5216 AgereSoftModem - ok
23:30:16.0063 5216 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
23:30:16.0094 5216 agp440 - ok
23:30:16.0406 5216 [ B9B98E08EC127900025F42462D3D0A66 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll
23:30:16.0406 5216 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll. md5: B9B98E08EC127900025F42462D3D0A66
23:30:16.0421 5216 Akamai ( HiddenFile.Multi.Generic ) - warning
23:30:16.0421 5216 Akamai - detected HiddenFile.Multi.Generic (1)
23:30:16.0484 5216 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
23:30:16.0593 5216 ALG - ok
23:30:16.0640 5216 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
23:30:16.0702 5216 aliide - ok
23:30:16.0765 5216 [ BCC32BF5EBB5DFD4380FA053D3651949 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
23:30:16.0889 5216 AMD External Events Utility - ok
23:30:16.0905 5216 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
23:30:16.0952 5216 amdide - ok
23:30:16.0999 5216 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
23:30:17.0123 5216 AmdK8 - ok
23:30:17.0186 5216 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
23:30:17.0264 5216 AmdPPM - ok
23:30:17.0295 5216 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
23:30:17.0357 5216 amdsata - ok
23:30:17.0373 5216 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
23:30:17.0420 5216 amdsbs - ok
23:30:17.0435 5216 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
23:30:17.0467 5216 amdxata - ok
23:30:17.0545 5216 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
23:30:17.0669 5216 AppID - ok
23:30:17.0701 5216 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
23:30:17.0779 5216 AppIDSvc - ok
23:30:17.0810 5216 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
23:30:17.0919 5216 Appinfo - ok
23:30:17.0966 5216 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
23:30:18.0028 5216 arc - ok
23:30:18.0044 5216 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
23:30:18.0075 5216 arcsas - ok
23:30:18.0122 5216 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
23:30:18.0247 5216 AsyncMac - ok
23:30:18.0278 5216 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
23:30:18.0293 5216 atapi - ok
23:30:18.0387 5216 [ 38562A6A9CB10844759EAF2B01A7FCD3 ] athr C:\Windows\system32\DRIVERS\athrx.sys
23:30:18.0559 5216 athr - ok
23:30:18.0637 5216 [ 3B9014FB7CE9E20FD726321C7DB7D8B0 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
23:30:18.0730 5216 AtiHdmiService - ok
23:30:18.0886 5216 [ A29087680A1C3B049E3C05438E8FF2B8 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
23:30:19.0058 5216 atikmdag - ok
23:30:19.0105 5216 [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
23:30:19.0151 5216 AtiPcie - ok
23:30:19.0354 5216 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:30:19.0448 5216 AudioEndpointBuilder - ok
23:30:19.0463 5216 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
23:30:19.0510 5216 AudioSrv - ok
23:30:19.0604 5216 [ C6F4C466B654C1BE98AF31418BB5AC30 ] AVM WLAN Connection Service C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
23:30:19.0697 5216 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - warning
23:30:19.0697 5216 AVM WLAN Connection Service - detected UnsignedFile.Multi.Generic (1)
23:30:19.0729 5216 [ 1DC2F715792CF33428AD7993ACBD224D ] avmeject C:\Windows\system32\drivers\avmeject.sys
23:30:19.0791 5216 avmeject - ok
23:30:19.0853 5216 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
23:30:19.0978 5216 AxInstSV - ok
23:30:20.0041 5216 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
23:30:20.0181 5216 b06bdrv - ok
23:30:20.0275 5216 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
23:30:20.0337 5216 b57nd60a - ok
23:30:20.0415 5216 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
23:30:20.0477 5216 BDESVC - ok
23:30:20.0509 5216 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
23:30:20.0571 5216 Beep - ok
23:30:20.0665 5216 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
23:30:20.0758 5216 BFE - ok
23:30:20.0914 5216 [ 9521D3908D3D2F5F6353F036845AAD85 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101104.001\BHDrvx64.sys
23:30:20.0977 5216 BHDrvx64 - ok
23:30:21.0039 5216 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
23:30:21.0179 5216 BITS - ok
23:30:21.0211 5216 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
23:30:21.0273 5216 blbdrive - ok
23:30:21.0320 5216 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
23:30:21.0460 5216 bowser - ok
23:30:21.0507 5216 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:30:21.0616 5216 BrFiltLo - ok
23:30:21.0632 5216 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:30:21.0694 5216 BrFiltUp - ok
23:30:21.0725 5216 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
23:30:21.0803 5216 Browser - ok
23:30:22.0084 5216 [ B2958F59C2DAFB76348224832FB7C26F ] BrowserProtect C:\ProgramData\BrowserProtect\2.6.1070.41\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
23:30:22.0147 5216 BrowserProtect - ok
23:30:22.0178 5216 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
23:30:22.0240 5216 Brserid - ok
23:30:22.0271 5216 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
23:30:22.0318 5216 BrSerWdm - ok
23:30:22.0365 5216 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
23:30:22.0412 5216 BrUsbMdm - ok
23:30:22.0427 5216 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
23:30:22.0490 5216 BrUsbSer - ok
23:30:22.0521 5216 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
23:30:22.0599 5216 BTHMODEM - ok
23:30:22.0677 5216 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
23:30:22.0755 5216 bthserv - ok
23:30:22.0833 5216 [ DA66E851E76766D2C84502FE682AB175 ] ccHP C:\Windows\system32\drivers\NISx64\1108000.005\ccHPx64.sys
23:30:22.0911 5216 ccHP - ok
23:30:22.0958 5216 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
23:30:23.0083 5216 cdfs - ok
23:30:23.0145 5216 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
23:30:23.0207 5216 cdrom - ok
23:30:23.0254 5216 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
23:30:23.0363 5216 CertPropSvc - ok
23:30:23.0410 5216 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
23:30:23.0473 5216 circlass - ok
23:30:23.0504 5216 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
23:30:23.0551 5216 CLFS - ok
23:30:23.0613 5216 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:30:23.0660 5216 clr_optimization_v2.0.50727_32 - ok
23:30:23.0707 5216 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:30:23.0722 5216 clr_optimization_v2.0.50727_64 - ok
23:30:23.0925 5216 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:30:23.0972 5216 clr_optimization_v4.0.30319_32 - ok
23:30:24.0034 5216 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:30:24.0065 5216 clr_optimization_v4.0.30319_64 - ok
23:30:24.0112 5216 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
23:30:24.0206 5216 CmBatt - ok
23:30:24.0237 5216 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
23:30:24.0299 5216 cmdide - ok
23:30:24.0346 5216 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
23:30:24.0393 5216 CNG - ok
23:30:24.0471 5216 [ C7A0E61D5714AC20DE52D4F66EC773B8 ] Com4QLBEx C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
23:30:24.0533 5216 Com4QLBEx - ok
23:30:24.0596 5216 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
23:30:24.0658 5216 Compbatt - ok
23:30:24.0705 5216 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
23:30:24.0767 5216 CompositeBus - ok
23:30:24.0783 5216 COMSysApp - ok
23:30:24.0830 5216 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
23:30:24.0892 5216 crcdisk - ok
23:30:24.0939 5216 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
23:30:25.0017 5216 CryptSvc - ok
23:30:25.0064 5216 [ AF2587DD8BF9090D320454DE9F41E80C ] CXPLRCAP C:\Windows\system32\drivers\CxPlrCap.sys
23:30:25.0142 5216 CXPLRCAP - ok
23:30:25.0220 5216 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
23:30:25.0345 5216 DcomLaunch - ok
23:30:25.0391 5216 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
23:30:25.0469 5216 defragsvc - ok
23:30:25.0516 5216 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
23:30:25.0579 5216 DfsC - ok
23:30:25.0625 5216 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
23:30:25.0719 5216 Dhcp - ok
23:30:25.0750 5216 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
23:30:25.0828 5216 discache - ok
23:30:25.0875 5216 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
23:30:25.0906 5216 Disk - ok
23:30:25.0937 5216 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
23:30:25.0969 5216 Dnscache - ok
23:30:26.0000 5216 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
23:30:26.0078 5216 dot3svc - ok
23:30:26.0109 5216 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
23:30:26.0171 5216 DPS - ok
23:30:26.0203 5216 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
23:30:26.0296 5216 drmkaud - ok
23:30:26.0359 5216 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
23:30:26.0437 5216 DXGKrnl - ok
23:30:26.0499 5216 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
23:30:26.0561 5216 EapHost - ok
23:30:26.0624 5216 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
23:30:26.0733 5216 ebdrv - ok
23:30:26.0827 5216 [ 066108AE4C35835081598827A1A7D08D ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
23:30:26.0873 5216 eeCtrl - ok
23:30:26.0905 5216 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
23:30:26.0967 5216 EFS - ok
23:30:27.0045 5216 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
23:30:27.0170 5216 ehRecvr - ok
23:30:27.0201 5216 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
23:30:27.0295 5216 ehSched - ok
23:30:27.0341 5216 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
23:30:27.0419 5216 elxstor - ok
23:30:27.0497 5216 [ ABDD5AD016AFFD34AD40E944CE94BF59 ] EpsonBidirectionalService C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
23:30:27.0560 5216 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - warning
23:30:27.0560 5216 EpsonBidirectionalService - detected UnsignedFile.Multi.Generic (1)
23:30:27.0638 5216 [ 20ECD0A490A121CB34F553FAD1DBBD39 ] EpsonScanSvc C:\Windows\system32\EscSvc64.exe
23:30:27.0700 5216 EpsonScanSvc - ok
23:30:27.0747 5216 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
23:30:27.0841 5216 ErrDev - ok
23:30:27.0919 5216 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
23:30:27.0997 5216 EventSystem - ok
23:30:28.0043 5216 [ 8ADACFFAD67394C711698EA074CE3BAB ] ewusbnet C:\Windows\system32\DRIVERS\ewusbnet.sys
23:30:28.0153 5216 ewusbnet - ok
23:30:28.0184 5216 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
23:30:28.0340 5216 exfat - ok
23:30:28.0371 5216 ezSharedSvc - ok
23:30:28.0402 5216 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
23:30:28.0511 5216 fastfat - ok
23:30:28.0574 5216 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
23:30:28.0652 5216 Fax - ok
23:30:28.0699 5216 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
23:30:28.0745 5216 fdc - ok
23:30:28.0777 5216 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
23:30:28.0855 5216 fdPHost - ok
23:30:28.0870 5216 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
23:30:28.0933 5216 FDResPub - ok
23:30:28.0979 5216 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
23:30:29.0042 5216 FileInfo - ok
23:30:29.0057 5216 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
23:30:29.0151 5216 Filetrace - ok
23:30:29.0167 5216 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
23:30:29.0229 5216 flpydisk - ok
23:30:29.0291 5216 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
23:30:29.0354 5216 FltMgr - ok
23:30:29.0432 5216 [ B4447F606BB19FD8AD0BAFB59B90F5D9 ] FontCache C:\Windows\system32\FntCache.dll
23:30:29.0588 5216 FontCache - ok
23:30:29.0619 5216 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
23:30:29.0650 5216 FsDepends - ok
23:30:29.0681 5216 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
23:30:29.0697 5216 Fs_Rec - ok
23:30:29.0775 5216 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
23:30:29.0806 5216 fvevol - ok
23:30:29.0869 5216 [ 444534CBA693DD23C1CC589681E01656 ] FWLANUSB C:\Windows\system32\DRIVERS\fwlanusb.sys
23:30:29.0962 5216 FWLANUSB - ok
23:30:30.0025 5216 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
23:30:30.0071 5216 gagp30kx - ok
23:30:30.0149 5216 [ C1BBCE4B30B45410178EE674C818D10C ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
23:30:30.0212 5216 GameConsoleService - ok
23:30:30.0352 5216 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
23:30:30.0508 5216 gpsvc - ok
23:30:30.0664 5216 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:30:30.0680 5216 gupdate - ok
23:30:30.0805 5216 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:30:30.0836 5216 gupdatem - ok
23:30:30.0883 5216 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
23:30:30.0976 5216 hcw85cir - ok
23:30:31.0054 5216 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:30:31.0117 5216 HdAudAddService - ok
23:30:31.0132 5216 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
23:30:31.0179 5216 HDAudBus - ok
23:30:31.0195 5216 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
23:30:31.0273 5216 HidBatt - ok
23:30:31.0304 5216 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
23:30:31.0413 5216 HidBth - ok
23:30:31.0429 5216 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
23:30:31.0507 5216 HidIr - ok
23:30:31.0538 5216 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
23:30:31.0647 5216 hidserv - ok
23:30:31.0897 5216 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
23:30:31.0990 5216 HidUsb - ok
23:30:32.0068 5216 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
23:30:32.0178 5216 hkmsvc - ok
23:30:32.0256 5216 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:30:32.0349 5216 HomeGroupListener - ok
23:30:32.0380 5216 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:30:32.0458 5216 HomeGroupProvider - ok
23:30:32.0552 5216 [ 170233B8D743EFE35F462A5D516B93E3 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
23:30:32.0583 5216 HP Support Assistant Service - ok
23:30:32.0646 5216 [ BCC4A8B2E2E902F52E7F2E7D8E125765 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
23:30:32.0692 5216 HPDrvMntSvc.exe - ok
23:30:32.0724 5216 [ 9AF482D058BE59CC28BCE52E7C4B747C ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
23:30:32.0786 5216 HpqKbFiltr - ok
23:30:32.0895 5216 [ EC9739A46F1F83C6E52A7A4697F44A65 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
23:30:32.0942 5216 hpqwmiex - ok
23:30:33.0004 5216 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
23:30:33.0036 5216 HpSAMD - ok
23:30:33.0114 5216 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
23:30:33.0207 5216 HTTP - ok
23:30:33.0270 5216 [ D969D0E26C5B1E813B17066A8318D5D4 ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys
23:30:33.0363 5216 hwdatacard - ok
23:30:33.0394 5216 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
23:30:33.0457 5216 hwpolicy - ok
23:30:33.0472 5216 [ B45B3647BA32749B94FA689175EC8C26 ] hwusbdev C:\Windows\system32\DRIVERS\ewusbdev.sys
23:30:33.0519 5216 hwusbdev - ok
23:30:33.0566 5216 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
23:30:33.0613 5216 i8042prt - ok
23:30:33.0660 5216 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
23:30:33.0691 5216 iaStorV - ok
23:30:33.0738 5216 [ 5B6FDE76D72C2A1F0F99CBE5277E82EC ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20101111.001\IDSvia64.sys
23:30:33.0784 5216 IDSVia64 - ok
23:30:34.0143 5216 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
23:30:34.0377 5216 igfx - ok
23:30:34.0408 5216 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
23:30:34.0424 5216 iirsp - ok
23:30:34.0502 5216 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
23:30:34.0596 5216 IKEEXT - ok
23:30:34.0611 5216 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
23:30:34.0642 5216 intelide - ok
23:30:34.0658 5216 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
23:30:34.0736 5216 intelppm - ok
23:30:34.0752 5216 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
23:30:34.0876 5216 IPBusEnum - ok
23:30:34.0908 5216 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:30:34.0986 5216 IpFilterDriver - ok
23:30:35.0032 5216 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
23:30:35.0142 5216 iphlpsvc - ok
23:30:35.0188 5216 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
23:30:35.0266 5216 IPMIDRV - ok
23:30:35.0313 5216 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
23:30:35.0407 5216 IPNAT - ok
23:30:35.0454 5216 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
23:30:35.0516 5216 IRENUM - ok
23:30:35.0594 5216 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
23:30:35.0625 5216 isapnp - ok
23:30:35.0641 5216 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
23:30:35.0688 5216 iScsiPrt - ok
23:30:35.0875 5216 [ 1152F8BEB568F2F72F1C5C32A1F4E529 ] ISWKL C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
23:30:35.0906 5216 ISWKL - ok
23:30:36.0015 5216 [ EF46EF3A790C42BBA9B5AFA2586448DB ] IswSvc C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
23:30:36.0062 5216 IswSvc - ok
23:30:36.0156 5216 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
23:30:36.0218 5216 kbdclass - ok
23:30:36.0249 5216 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
23:30:36.0358 5216 kbdhid - ok
23:30:36.0374 5216 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
23:30:36.0421 5216 KeyIso - ok
23:30:36.0577 5216 [ E656FE10D6D27794AFA08136685A69E8 ] KL1 C:\Windows\system32\DRIVERS\kl1.sys
23:30:36.0655 5216 KL1 - ok
23:30:36.0702 5216 [ D865DD8B0448E3F963D68C04C532858F ] kl2 C:\Windows\system32\DRIVERS\kl2.sys
23:30:36.0748 5216 kl2 - ok
23:30:36.0826 5216 [ 055790D38D7EC73AEF03E4AA7F67BA03 ] KLIF C:\Windows\system32\DRIVERS\klif.sys
23:30:36.0889 5216 KLIF - ok
23:30:36.0936 5216 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
23:30:36.0967 5216 KSecDD - ok
23:30:36.0982 5216 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
23:30:37.0014 5216 KSecPkg - ok
23:30:37.0060 5216 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
23:30:37.0185 5216 ksthunk - ok
23:30:37.0216 5216 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
23:30:37.0294 5216 KtmRm - ok
23:30:37.0341 5216 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
23:30:37.0419 5216 LanmanServer - ok
23:30:37.0450 5216 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:30:37.0513 5216 LanmanWorkstation - ok
23:30:37.0575 5216 [ 2238B91AC1A12CC6CC4C4FED41258B2A ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
23:30:37.0622 5216 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
23:30:37.0622 5216 LightScribeService - detected UnsignedFile.Multi.Generic (1)
23:30:37.0669 5216 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
23:30:37.0825 5216 lltdio - ok
23:30:37.0856 5216 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
23:30:37.0981 5216 lltdsvc - ok
23:30:38.0012 5216 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
23:30:38.0074 5216 lmhosts - ok
23:30:38.0121 5216 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
23:30:38.0184 5216 LSI_FC - ok
23:30:38.0215 5216 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
23:30:38.0277 5216 LSI_SAS - ok
23:30:38.0293 5216 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:30:38.0340 5216 LSI_SAS2 - ok
23:30:38.0371 5216 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:30:38.0433 5216 LSI_SCSI - ok
23:30:38.0449 5216 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
23:30:38.0574 5216 luafv - ok
23:30:38.0636 5216 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
23:30:38.0683 5216 MBAMProtector - ok
23:30:38.0776 5216 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
23:30:38.0839 5216 MBAMScheduler - ok
23:30:38.0917 5216 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
23:30:38.0995 5216 MBAMService - ok
23:30:39.0057 5216 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
23:30:39.0135 5216 Mcx2Svc - ok
23:30:39.0166 5216 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
23:30:39.0198 5216 megasas - ok
23:30:39.0229 5216 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
23:30:39.0276 5216 MegaSR - ok
23:30:39.0322 5216 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
23:30:39.0447 5216 MMCSS - ok
23:30:39.0463 5216 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
23:30:39.0572 5216 Modem - ok
23:30:39.0603 5216 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
23:30:39.0681 5216 monitor - ok
23:30:39.0744 5216 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
23:30:39.0775 5216 mouclass - ok
23:30:39.0837 5216 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
23:30:39.0915 5216 mouhid - ok
23:30:39.0946 5216 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
23:30:39.0993 5216 mountmgr - ok
23:30:40.0071 5216 [ 15D5398EED42C2504BB3D4FC875C15D1 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
23:30:40.0134 5216 MozillaMaintenance - ok
23:30:40.0180 5216 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
23:30:40.0212 5216 mpio - ok
23:30:40.0243 5216 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
23:30:40.0290 5216 mpsdrv - ok
23:30:40.0336 5216 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
23:30:40.0414 5216 MpsSvc - ok
23:30:40.0446 5216 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
23:30:40.0555 5216 MRxDAV - ok
23:30:40.0602 5216 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
23:30:40.0664 5216 mrxsmb - ok
23:30:40.0726 5216 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:30:40.0804 5216 mrxsmb10 - ok
23:30:40.0836 5216 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:30:40.0867 5216 mrxsmb20 - ok
23:30:40.0914 5216 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
23:30:40.0960 5216 msahci - ok
23:30:40.0976 5216 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
23:30:41.0007 5216 msdsm - ok
23:30:41.0023 5216 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
23:30:41.0085 5216 MSDTC - ok
23:30:41.0148 5216 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
23:30:41.0241 5216 Msfs - ok
23:30:41.0272 5216 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
23:30:41.0335 5216 mshidkmdf - ok
23:30:41.0382 5216 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
23:30:41.0428 5216 msisadrv - ok
23:30:41.0460 5216 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
23:30:41.0569 5216 MSiSCSI - ok
23:30:41.0569 5216 msiserver - ok
23:30:41.0616 5216 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
23:30:41.0709 5216 MSKSSRV - ok
23:30:41.0740 5216 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
23:30:41.0803 5216 MSPCLOCK - ok
23:30:41.0834 5216 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
23:30:41.0928 5216 MSPQM - ok
23:30:41.0959 5216 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
23:30:42.0006 5216 MsRPC - ok
23:30:42.0052 5216 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
23:30:42.0084 5216 mssmbios - ok
23:30:42.0177 5216 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
23:30:42.0349 5216 MSTEE - ok
23:30:42.0364 5216 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
23:30:42.0458 5216 MTConfig - ok
23:30:42.0676 5216 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
23:30:42.0739 5216 Mup - ok
23:30:42.0770 5216 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
23:30:42.0848 5216 napagent - ok
23:31:08.0151 5216 ================ Scan global ===============================
23:31:08.0198 5216 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
23:31:08.0229 5216 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
23:31:08.0245 5216 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
23:31:08.0276 5216 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
23:31:08.0307 5216 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
23:31:08.0323 5216 [Global] - ok
23:31:08.0323 5216 ================ Scan MBR ==================================
23:31:08.0338 5216 [ 92346430B194230214553FBBB4F896BA ] \Device\Harddisk0\DR0
23:31:08.0650 5216 \Device\Harddisk0\DR0 - ok
23:31:08.0650 5216 ================ Scan VBR ==================================
23:31:08.0650 5216 [ E284B2FBEAE091A7BCA343596F952E5B ] \Device\Harddisk0\DR0\Partition1
23:31:08.0666 5216 \Device\Harddisk0\DR0\Partition1 - ok
23:31:08.0697 5216 [ 3D78C3A0CEFC2BB65E3346EAE0A6481D ] \Device\Harddisk0\DR0\Partition2
23:31:08.0697 5216 \Device\Harddisk0\DR0\Partition2 - ok
23:31:08.0728 5216 [ A2B0F9FAF5A2723B716EF0A51FDD984D ] \Device\Harddisk0\DR0\Partition3
23:31:08.0728 5216 \Device\Harddisk0\DR0\Partition3 - ok
23:31:08.0744 5216 [ F4824C45A6691182F4A177E132E45F81 ] \Device\Harddisk0\DR0\Partition4
23:31:08.0760 5216 \Device\Harddisk0\DR0\Partition4 - ok
23:31:08.0760 5216 ============================================================
23:31:08.0760 5216 Scan finished
23:31:08.0760 5216 ============================================================
23:31:08.0775 0648 Detected object count: 4
23:31:08.0775 0648 Actual detected object count: 4

15.01.2013, 22:36   #11
Sascha2603

Help Trojan.agent

22:41:59.0306 2872 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
22:41:59.0572 2872 ============================================================
22:41:59.0572 2872 Current date / time: 2013/01/15 22:41:59.0572
22:41:59.0572 2872 SystemInfo:
22:41:59.0572 2872
22:41:59.0572 2872 OS Version: 6.1.7601 ServicePack: 1.0
22:41:59.0572 2872 Product type: Workstation
22:41:59.0572 2872 ComputerName: MAUSI
22:41:59.0572 2872 UserName: Sascha Woitzik
22:41:59.0572 2872 Windows directory: C:\Windows
22:41:59.0572 2872 System windows directory: C:\Windows
22:41:59.0572 2872 Running under WOW64
22:41:59.0572 2872 Processor architecture: Intel x64
22:41:59.0572 2872 Number of processors: 2
22:41:59.0572 2872 Page size: 0x1000
22:41:59.0572 2872 Boot type: Safe boot with network
22:41:59.0572 2872 ============================================================
22:42:03.0986 2872 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:42:04.0002 2872 ============================================================
22:42:04.0002 2872 \Device\Harddisk0\DR0:
22:42:04.0002 2872 MBR partitions:
22:42:04.0002 2872 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
22:42:04.0002 2872 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x38802000
22:42:04.0002 2872 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x38866000, BlocksNum 0x1AEC000
22:42:04.0002 2872 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
22:42:04.0002 2872 ============================================================
22:42:04.0018 2872 C: <-> \Device\Harddisk0\DR0\Partition2
22:42:04.0064 2872 D: <-> \Device\Harddisk0\DR0\Partition3
22:42:04.0080 2872 E: <-> \Device\Harddisk0\DR0\Partition4
22:42:04.0080 2872 ============================================================
22:42:04.0080 2872 Initialize success
22:42:04.0080 2872 ============================================================
22:42:54.0423 2936 ============================================================
22:42:54.0423 2936 Scan started
22:42:54.0423 2936 Mode: Manual; SigCheck; TDLFS;
22:42:54.0423 2936 ============================================================
22:42:55.0561 2936 ================ Scan system memory ========================
22:42:55.0561 2936 System memory - ok
22:42:55.0561 2936 ================ Scan services =============================
22:42:55.0717 2936 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
22:42:55.0811 2936 1394ohci - ok
22:42:55.0967 2936 [ B33CF4DE909A5B30F526D82053A63C8E ] ABBYY.Licensing.FineReader.Sprint.9.0 C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
22:42:55.0983 2936 ABBYY.Licensing.FineReader.Sprint.9.0 - ok
22:42:56.0045 2936 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
22:42:56.0061 2936 ACPI - ok
22:42:56.0107 2936 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
22:42:56.0170 2936 AcpiPmi - ok
22:42:56.0263 2936 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
22:42:56.0279 2936 AdobeARMservice - ok
22:42:56.0404 2936 AdobeFlashPlayerUpdateSvc - ok
22:42:56.0466 2936 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
22:42:56.0497 2936 adp94xx - ok
22:42:56.0544 2936 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
22:42:56.0560 2936 adpahci - ok
22:42:56.0575 2936 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
22:42:56.0591 2936 adpu320 - ok
22:42:56.0622 2936 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
22:42:56.0747 2936 AeLookupSvc - ok
22:42:56.0856 2936 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
22:42:56.0919 2936 AESTFilters - ok
22:42:56.0997 2936 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
22:42:57.0043 2936 AFD - ok
22:42:57.0121 2936 [ 98022774D9930ECBB292E70DB7601DF6 ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys
22:42:57.0184 2936 AgereSoftModem - ok
22:42:57.0231 2936 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
22:42:57.0246 2936 agp440 - ok
22:42:57.0402 2936 [ B9B98E08EC127900025F42462D3D0A66 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll
22:42:57.0418 2936 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll. md5: B9B98E08EC127900025F42462D3D0A66
22:42:57.0418 2936 Akamai ( HiddenFile.Multi.Generic ) - warning
22:42:57.0418 2936 Akamai - detected HiddenFile.Multi.Generic (1)
22:42:57.0465 2936 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
22:42:57.0527 2936 ALG - ok
22:42:57.0574 2936 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
22:42:57.0589 2936 aliide - ok
22:42:57.0667 2936 [ BCC32BF5EBB5DFD4380FA053D3651949 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
22:42:57.0730 2936 AMD External Events Utility - ok
22:42:57.0745 2936 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
22:42:57.0745 2936 amdide - ok
22:42:57.0792 2936 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
22:42:57.0855 2936 AmdK8 - ok
22:42:57.0901 2936 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
22:42:57.0933 2936 AmdPPM - ok
22:42:57.0979 2936 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
22:42:57.0995 2936 amdsata - ok
22:42:58.0011 2936 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
22:42:58.0026 2936 amdsbs - ok
22:42:58.0042 2936 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
22:42:58.0042 2936 amdxata - ok
22:42:58.0104 2936 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
22:42:58.0245 2936 AppID - ok
22:42:58.0291 2936 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
22:42:58.0369 2936 AppIDSvc - ok
22:42:58.0432 2936 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
22:42:58.0479 2936 Appinfo - ok
22:42:58.0541 2936 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
22:42:58.0557 2936 arc - ok
22:42:58.0557 2936 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
22:42:58.0572 2936 arcsas - ok
22:42:58.0635 2936 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
22:42:58.0697 2936 AsyncMac - ok
22:42:58.0728 2936 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
22:42:58.0744 2936 atapi - ok
22:42:58.0806 2936 [ 38562A6A9CB10844759EAF2B01A7FCD3 ] athr C:\Windows\system32\DRIVERS\athrx.sys
22:42:58.0869 2936 athr - ok
22:42:58.0947 2936 [ 3B9014FB7CE9E20FD726321C7DB7D8B0 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
22:42:58.0978 2936 AtiHdmiService - ok
22:42:59.0087 2936 [ A29087680A1C3B049E3C05438E8FF2B8 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
22:42:59.0212 2936 atikmdag - ok
22:42:59.0259 2936 [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
22:42:59.0274 2936 AtiPcie - ok
22:42:59.0337 2936 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:42:59.0399 2936 AudioEndpointBuilder - ok
22:42:59.0415 2936 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
22:42:59.0461 2936 AudioSrv - ok
22:42:59.0524 2936 [ C6F4C466B654C1BE98AF31418BB5AC30 ] AVM WLAN Connection Service C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
22:42:59.0571 2936 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - warning
22:42:59.0571 2936 AVM WLAN Connection Service - detected UnsignedFile.Multi.Generic (1)
22:42:59.0602 2936 [ 1DC2F715792CF33428AD7993ACBD224D ] avmeject C:\Windows\system32\drivers\avmeject.sys
22:42:59.0617 2936 avmeject - ok
22:42:59.0664 2936 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
22:42:59.0758 2936 AxInstSV - ok
22:42:59.0805 2936 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
22:42:59.0867 2936 b06bdrv - ok
22:42:59.0914 2936 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
22:42:59.0961 2936 b57nd60a - ok
22:43:00.0039 2936 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
22:43:00.0085 2936 BDESVC - ok
22:43:00.0132 2936 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
22:43:00.0179 2936 Beep - ok
22:43:00.0257 2936 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
22:43:00.0304 2936 BFE - ok
22:43:00.0444 2936 [ 9521D3908D3D2F5F6353F036845AAD85 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101104.001\BHDrvx64.sys
22:43:00.0475 2936 BHDrvx64 - ok
22:43:00.0553 2936 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
22:43:00.0678 2936 BITS - ok
22:43:00.0725 2936 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
22:43:00.0756 2936 blbdrive - ok
22:43:00.0803 2936 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
22:43:00.0819 2936 bowser - ok
22:43:00.0881 2936 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:43:00.0943 2936 BrFiltLo - ok
22:43:00.0959 2936 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:43:00.0975 2936 BrFiltUp - ok
22:43:01.0006 2936 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
22:43:01.0053 2936 Browser - ok
22:43:01.0177 2936 [ B2958F59C2DAFB76348224832FB7C26F ] BrowserProtect C:\ProgramData\BrowserProtect\2.6.1070.41\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
22:43:01.0224 2936 BrowserProtect - ok
22:43:01.0287 2936 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
22:43:01.0333 2936 Brserid - ok
22:43:01.0349 2936 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
22:43:01.0380 2936 BrSerWdm - ok
22:43:01.0411 2936 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
22:43:01.0443 2936 BrUsbMdm - ok
22:43:01.0474 2936 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
22:43:01.0489 2936 BrUsbSer - ok
22:43:01.0536 2936 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
22:43:01.0567 2936 BTHMODEM - ok
22:43:01.0614 2936 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
22:43:01.0645 2936 bthserv - ok
22:43:01.0723 2936 [ DA66E851E76766D2C84502FE682AB175 ] ccHP C:\Windows\system32\drivers\NISx64\1108000.005\ccHPx64.sys
22:43:01.0755 2936 ccHP - ok
22:43:01.0801 2936 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
22:43:01.0864 2936 cdfs - ok
22:43:01.0911 2936 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
22:43:01.0942 2936 cdrom - ok
22:43:01.0989 2936 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
22:43:02.0035 2936 CertPropSvc - ok
22:43:02.0082 2936 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
22:43:02.0098 2936 circlass - ok
22:43:02.0129 2936 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
22:43:02.0145 2936 CLFS - ok
22:43:02.0207 2936 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:43:02.0223 2936 clr_optimization_v2.0.50727_32 - ok
22:43:02.0254 2936 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:43:02.0269 2936 clr_optimization_v2.0.50727_64 - ok
22:43:02.0410 2936 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:43:02.0472 2936 clr_optimization_v4.0.30319_32 - ok
22:43:02.0535 2936 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:43:02.0550 2936 clr_optimization_v4.0.30319_64 - ok
22:43:02.0597 2936 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
22:43:02.0628 2936 CmBatt - ok
22:43:02.0659 2936 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
22:43:02.0675 2936 cmdide - ok
22:43:02.0706 2936 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
22:43:02.0753 2936 CNG - ok
22:43:02.0831 2936 [ C7A0E61D5714AC20DE52D4F66EC773B8 ] Com4QLBEx C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
22:43:02.0847 2936 Com4QLBEx - ok
22:43:02.0893 2936 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
22:43:02.0909 2936 Compbatt - ok
22:43:02.0956 2936 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
22:43:02.0987 2936 CompositeBus - ok
22:43:03.0003 2936 COMSysApp - ok
22:43:03.0034 2936 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
22:43:03.0049 2936 crcdisk - ok
22:43:03.0096 2936 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
22:43:03.0143 2936 CryptSvc - ok
22:43:03.0190 2936 [ AF2587DD8BF9090D320454DE9F41E80C ] CXPLRCAP C:\Windows\system32\drivers\CxPlrCap.sys
22:43:03.0221 2936 CXPLRCAP - ok
22:43:03.0268 2936 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
22:43:03.0330 2936 DcomLaunch - ok
22:43:03.0377 2936 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
22:43:03.0439 2936 defragsvc - ok
22:43:03.0471 2936 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
22:43:03.0517 2936 DfsC - ok
22:43:03.0580 2936 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
22:43:03.0627 2936 Dhcp - ok
22:43:03.0658 2936 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
22:43:03.0689 2936 discache - ok
22:43:03.0751 2936 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
22:43:03.0767 2936 Disk - ok
22:43:03.0829 2936 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
22:43:03.0876 2936 Dnscache - ok
22:43:03.0907 2936 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
22:43:03.0970 2936 dot3svc - ok
22:43:04.0001 2936 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
22:43:04.0063 2936 DPS - ok
22:43:04.0095 2936 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
22:43:04.0126 2936 drmkaud - ok
22:43:04.0173 2936 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
22:43:04.0204 2936 DXGKrnl - ok
22:43:04.0266 2936 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
22:43:04.0313 2936 EapHost - ok
22:43:04.0391 2936 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
22:43:04.0469 2936 ebdrv - ok
22:43:04.0563 2936 [ 066108AE4C35835081598827A1A7D08D ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
22:43:04.0578 2936 eeCtrl - ok
22:43:04.0594 2936 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
22:43:04.0672 2936 EFS - ok
22:43:04.0750 2936 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
22:43:04.0828 2936 ehRecvr - ok
22:43:04.0843 2936 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
22:43:04.0906 2936 ehSched - ok
22:43:04.0953 2936 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
22:43:04.0968 2936 elxstor - ok
22:43:05.0031 2936 [ ABDD5AD016AFFD34AD40E944CE94BF59 ] EpsonBidirectionalService C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
22:43:05.0077 2936 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - warning
22:43:05.0077 2936 EpsonBidirectionalService - detected UnsignedFile.Multi.Generic (1)
22:43:05.0155 2936 [ 20ECD0A490A121CB34F553FAD1DBBD39 ] EpsonScanSvc C:\Windows\system32\EscSvc64.exe
22:43:05.0171 2936 EpsonScanSvc - ok
22:43:05.0202 2936 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
22:43:05.0233 2936 ErrDev - ok
22:43:05.0280 2936 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
22:43:05.0343 2936 EventSystem - ok
22:43:05.0405 2936 [ 8ADACFFAD67394C711698EA074CE3BAB ] ewusbnet C:\Windows\system32\DRIVERS\ewusbnet.sys
22:43:05.0452 2936 ewusbnet - ok
22:43:05.0483 2936 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
22:43:05.0530 2936 exfat - ok
22:43:05.0561 2936 ezSharedSvc - ok
22:43:05.0592 2936 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
22:43:05.0623 2936 fastfat - ok
22:43:05.0686 2936 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
22:43:05.0748 2936 Fax - ok
22:43:05.0764 2936 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
22:43:05.0795 2936 fdc - ok
22:43:05.0842 2936 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
22:43:05.0889 2936 fdPHost - ok
22:43:05.0920 2936 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
22:43:05.0967 2936 FDResPub - ok
22:43:05.0998 2936 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
22:43:06.0013 2936 FileInfo - ok
22:43:06.0029 2936 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
22:43:06.0076 2936 Filetrace - ok
22:43:06.0091 2936 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
22:43:06.0123 2936 flpydisk - ok
22:43:06.0169 2936 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
22:43:06.0185 2936 FltMgr - ok
22:43:06.0232 2936 [ B4447F606BB19FD8AD0BAFB59B90F5D9 ] FontCache C:\Windows\system32\FntCache.dll
22:43:06.0294 2936 FontCache - ok
22:43:06.0341 2936 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
22:43:06.0341 2936 FsDepends - ok
22:43:06.0403 2936 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
22:43:06.0419 2936 Fs_Rec - ok
22:43:06.0466 2936 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
22:43:06.0497 2936 fvevol - ok
22:43:06.0559 2936 [ 444534CBA693DD23C1CC589681E01656 ] FWLANUSB C:\Windows\system32\DRIVERS\fwlanusb.sys
22:43:06.0606 2936 FWLANUSB - ok
22:43:06.0669 2936 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
22:43:06.0669 2936 gagp30kx - ok
22:43:06.0747 2936 [ C1BBCE4B30B45410178EE674C818D10C ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
22:43:06.0762 2936 GameConsoleService - ok
22:43:06.0825 2936 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
22:43:06.0887 2936 gpsvc - ok
22:43:07.0027 2936 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:43:07.0043 2936 gupdate - ok
22:43:07.0105 2936 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:43:07.0105 2936 gupdatem - ok
22:43:07.0152 2936 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
22:43:07.0183 2936 hcw85cir - ok
22:43:07.0230 2936 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:43:07.0261 2936 HdAudAddService - ok
22:43:07.0277 2936 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
22:43:07.0308 2936 HDAudBus - ok
22:43:07.0324 2936 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
22:43:07.0355 2936 HidBatt - ok
22:43:07.0386 2936 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
22:43:07.0417 2936 HidBth - ok
22:43:07.0433 2936 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
22:43:07.0464 2936 HidIr - ok
22:43:07.0495 2936 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
22:43:07.0558 2936 hidserv - ok
22:43:07.0589 2936 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
22:43:07.0605 2936 HidUsb - ok
22:43:07.0667 2936 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
22:43:07.0714 2936 hkmsvc - ok
22:43:07.0745 2936 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:43:07.0792 2936 HomeGroupListener - ok
22:43:07.0823 2936 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:43:07.0870 2936 HomeGroupProvider - ok
22:43:07.0948 2936 [ 170233B8D743EFE35F462A5D516B93E3 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
22:43:07.0948 2936 HP Support Assistant Service - ok
22:43:08.0026 2936 [ BCC4A8B2E2E902F52E7F2E7D8E125765 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
22:43:08.0041 2936 HPDrvMntSvc.exe - ok
22:43:08.0088 2936 [ 9AF482D058BE59CC28BCE52E7C4B747C ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
22:43:08.0135 2936 HpqKbFiltr - ok
22:43:08.0197 2936 [ EC9739A46F1F83C6E52A7A4697F44A65 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
22:43:08.0229 2936 hpqwmiex - ok
22:43:08.0291 2936 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
22:43:08.0307 2936 HpSAMD - ok
22:43:08.0353 2936 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
22:43:08.0400 2936 HTTP - ok
22:43:08.0463 2936 [ D969D0E26C5B1E813B17066A8318D5D4 ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys
22:43:08.0509 2936 hwdatacard - ok
22:43:08.0572 2936 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
22:43:08.0572 2936 hwpolicy - ok
22:43:08.0603 2936 [ B45B3647BA32749B94FA689175EC8C26 ] hwusbdev C:\Windows\system32\DRIVERS\ewusbdev.sys
22:43:08.0634 2936 hwusbdev - ok
22:43:08.0681 2936 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
22:43:08.0697 2936 i8042prt - ok
22:43:08.0728 2936 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
22:43:08.0759 2936 iaStorV - ok
22:43:08.0790 2936 [ 5B6FDE76D72C2A1F0F99CBE5277E82EC ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20101111.001\IDSvia64.sys
22:43:08.0821 2936 IDSVia64 - ok
22:43:08.0946 2936 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
22:43:09.0071 2936 igfx - ok
22:43:09.0118 2936 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
22:43:09.0118 2936 iirsp - ok
22:43:09.0165 2936 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
22:43:09.0243 2936 IKEEXT - ok
22:43:09.0258 2936 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
22:43:09.0274 2936 intelide - ok
22:43:09.0289 2936 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
22:43:09.0321 2936 intelppm - ok
22:43:09.0367 2936 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
22:43:09.0414 2936 IPBusEnum - ok
22:43:09.0461 2936 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:43:09.0508 2936 IpFilterDriver - ok
22:43:09.0555 2936 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
22:43:09.0601 2936 iphlpsvc - ok
22:43:09.0648 2936 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
22:43:09.0679 2936 IPMIDRV - ok
22:43:09.0711 2936 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
22:43:09.0757 2936 IPNAT - ok
22:43:09.0789 2936 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
22:43:09.0867 2936 IRENUM - ok
22:43:09.0867 2936 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
22:43:09.0882 2936 isapnp - ok
22:43:09.0898 2936 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
22:43:09.0913 2936 iScsiPrt - ok
22:43:10.0069 2936 [ 1152F8BEB568F2F72F1C5C32A1F4E529 ] ISWKL C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
22:43:10.0069 2936 ISWKL - ok
22:43:10.0147 2936 [ EF46EF3A790C42BBA9B5AFA2586448DB ] IswSvc C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
22:43:10.0179 2936 IswSvc - ok
22:43:10.0210 2936 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
22:43:10.0225 2936 kbdclass - ok
22:43:10.0241 2936 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
22:43:10.0272 2936 kbdhid - ok
22:43:10.0288 2936 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
22:43:10.0303 2936 KeyIso - ok
22:43:10.0381 2936 [ E656FE10D6D27794AFA08136685A69E8 ] KL1 C:\Windows\system32\DRIVERS\kl1.sys
22:43:10.0397 2936 KL1 - ok
22:43:10.0459 2936 [ D865DD8B0448E3F963D68C04C532858F ] kl2 C:\Windows\system32\DRIVERS\kl2.sys
22:43:10.0475 2936 kl2 - ok
22:43:10.0537 2936 [ 055790D38D7EC73AEF03E4AA7F67BA03 ] KLIF C:\Windows\system32\DRIVERS\klif.sys
22:43:10.0569 2936 KLIF - ok
22:43:10.0600 2936 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
22:43:10.0615 2936 KSecDD - ok
22:43:10.0631 2936 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
22:43:10.0647 2936 KSecPkg - ok
22:43:10.0662 2936 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
22:43:10.0709 2936 ksthunk - ok
22:43:10.0756 2936 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
22:43:10.0818 2936 KtmRm - ok
22:43:10.0865 2936 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
22:43:10.0927 2936 LanmanServer - ok
22:43:10.0959 2936 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:43:11.0021 2936 LanmanWorkstation - ok
22:43:11.0083 2936 [ 2238B91AC1A12CC6CC4C4FED41258B2A ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
22:43:11.0115 2936 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
22:43:11.0115 2936 LightScribeService - detected UnsignedFile.Multi.Generic (1)
22:43:11.0146 2936 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
22:43:11.0208 2936 lltdio - ok
22:43:11.0239 2936 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
22:43:11.0302 2936 lltdsvc - ok
22:43:11.0317 2936 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
22:43:11.0349 2936 lmhosts - ok
22:43:11.0395 2936 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
22:43:11.0411 2936 LSI_FC - ok
22:43:11.0442 2936 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
22:43:11.0442 2936 LSI_SAS - ok
22:43:11.0458 2936 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:43:11.0473 2936 LSI_SAS2 - ok
22:43:11.0505 2936 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:43:11.0520 2936 LSI_SCSI - ok
22:43:11.0567 2936 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
22:43:11.0629 2936 luafv - ok
22:43:11.0692 2936 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
22:43:11.0692 2936 MBAMProtector - ok
22:43:11.0754 2936 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
22:43:11.0770 2936 MBAMScheduler - ok
22:43:11.0801 2936 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
22:43:11.0832 2936 MBAMService - ok
22:43:11.0879 2936 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
22:43:11.0926 2936 Mcx2Svc - ok
22:43:11.0957 2936 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
22:43:11.0973 2936 megasas - ok
22:43:12.0004 2936 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
22:43:12.0019 2936 MegaSR - ok
22:43:12.0051 2936 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
22:43:12.0097 2936 MMCSS - ok
22:43:12.0129 2936 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
22:43:12.0175 2936 Modem - ok
22:43:12.0207 2936 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
22:43:12.0238 2936 monitor - ok
22:43:12.0269 2936 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
22:43:12.0285 2936 mouclass - ok
22:43:12.0316 2936 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
22:43:12.0331 2936 mouhid - ok
22:43:12.0363 2936 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
22:43:12.0378 2936 mountmgr - ok
22:43:12.0472 2936 [ 15D5398EED42C2504BB3D4FC875C15D1 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:43:12.0472 2936 MozillaMaintenance - ok
22:43:12.0503 2936 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
22:43:12.0519 2936 mpio - ok
22:43:12.0534 2936 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
22:43:12.0581 2936 mpsdrv - ok
22:43:12.0612 2936 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
22:43:12.0675 2936 MpsSvc - ok
22:43:12.0706 2936 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
22:43:12.0737 2936 MRxDAV - ok
22:43:12.0768 2936 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
22:43:12.0815 2936 mrxsmb - ok
22:43:12.0862 2936 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:43:12.0893 2936 mrxsmb10 - ok
22:43:12.0909 2936 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:43:12.0924 2936 mrxsmb20 - ok
22:43:12.0955 2936 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
22:43:12.0971 2936 msahci - ok
22:43:12.0987 2936 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
22:43:13.0002 2936 msdsm - ok
22:43:13.0018 2936 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
22:43:13.0049 2936 MSDTC - ok
22:43:13.0111 2936 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
22:43:13.0143 2936 Msfs - ok
22:43:13.0158 2936 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
22:43:13.0189 2936 mshidkmdf - ok
22:43:30.0287 2936 ================ Scan global ===============================
22:43:30.0334 2936 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:43:30.0365 2936 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
22:43:30.0365 2936 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
22:43:30.0396 2936 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:43:30.0412 2936 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:43:30.0412 2936 [Global] - ok
22:43:30.0412 2936 ================ Scan MBR ==================================
22:43:30.0428 2936 [ 92346430B194230214553FBBB4F896BA ] \Device\Harddisk0\DR0
22:43:30.0724 2936 \Device\Harddisk0\DR0 - ok
22:43:30.0724 2936 ================ Scan VBR ==================================
22:43:30.0724 2936 [ E284B2FBEAE091A7BCA343596F952E5B ] \Device\Harddisk0\DR0\Partition1
22:43:30.0724 2936 \Device\Harddisk0\DR0\Partition1 - ok
22:43:30.0755 2936 [ 3D78C3A0CEFC2BB65E3346EAE0A6481D ] \Device\Harddisk0\DR0\Partition2
22:43:30.0755 2936 \Device\Harddisk0\DR0\Partition2 - ok
22:43:30.0786 2936 [ A2B0F9FAF5A2723B716EF0A51FDD984D ] \Device\Harddisk0\DR0\Partition3
22:43:30.0786 2936 \Device\Harddisk0\DR0\Partition3 - ok
22:43:30.0802 2936 [ F4824C45A6691182F4A177E132E45F81 ] \Device\Harddisk0\DR0\Partition4
22:43:30.0802 2936 \Device\Harddisk0\DR0\Partition4 - ok
22:43:30.0802 2936 ============================================================
22:43:30.0802 2936 Scan finished
22:43:30.0802 2936 ============================================================
22:43:30.0818 2928 Detected object count: 4
22:43:30.0818 2928 Actual detected object count: 4
22:45:27.0255 2928 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
22:45:27.0270 2928 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
22:45:27.0270 2928 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:45:27.0270 2928 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:45:27.0270 2928 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - skipped by user
22:45:27.0270 2928 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:45:27.0270 2928 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
22:45:27.0270 2928 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:45:31.0903 2868 Deinitialize success

15.01.2013, 22:37   #12
Sascha2603

Help Trojan.agent



22:56:34.0151 2952 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
22:56:34.0401 2952 ============================================================
22:56:34.0401 2952 Current date / time: 2013/01/15 22:56:34.0401
22:56:34.0401 2952 SystemInfo:
22:56:34.0401 2952
22:56:34.0401 2952 OS Version: 6.1.7601 ServicePack: 1.0
22:56:34.0401 2952 Product type: Workstation
22:56:34.0401 2952 ComputerName: MAUSI
22:56:34.0401 2952 UserName: Sascha Woitzik
22:56:34.0401 2952 Windows directory: C:\Windows
22:56:34.0401 2952 System windows directory: C:\Windows
22:56:34.0401 2952 Running under WOW64
22:56:34.0401 2952 Processor architecture: Intel x64
22:56:34.0401 2952 Number of processors: 2
22:56:34.0401 2952 Page size: 0x1000
22:56:34.0401 2952 Boot type: Safe boot with network
22:56:34.0401 2952 ============================================================
22:56:35.0789 2952 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:56:35.0789 2952 ============================================================
22:56:35.0789 2952 \Device\Harddisk0\DR0:
22:56:35.0789 2952 MBR partitions:
22:56:35.0789 2952 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
22:56:35.0789 2952 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x38802000
22:56:35.0789 2952 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x38866000, BlocksNum 0x1AEC000
22:56:35.0789 2952 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
22:56:35.0789 2952 ============================================================
22:56:35.0820 2952 C: <-> \Device\Harddisk0\DR0\Partition2
22:56:35.0867 2952 D: <-> \Device\Harddisk0\DR0\Partition3
22:56:35.0883 2952 E: <-> \Device\Harddisk0\DR0\Partition4
22:56:35.0883 2952 ============================================================
22:56:35.0883 2952 Initialize success
22:56:35.0883 2952 ============================================================
22:56:49.0626 3008 ============================================================
22:56:49.0626 3008 Scan started
22:56:49.0626 3008 Mode: Manual; SigCheck; TDLFS;
22:56:49.0626 3008 ============================================================
22:56:50.0703 3008 ================ Scan system memory ========================
22:56:50.0703 3008 System memory - ok
22:56:50.0703 3008 ================ Scan services =============================
22:56:52.0575 3008 [ B9B98E08EC127900025F42462D3D0A66 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll
22:56:52.0575 3008 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll. md5: B9B98E08EC127900025F42462D3D0A66
22:56:52.0590 3008 Akamai ( HiddenFile.Multi.Generic ) - warning
22:56:52.0590 3008 Akamai - detected HiddenFile.Multi.Generic (1)
22:56:54.0618 3008 [ C6F4C466B654C1BE98AF31418BB5AC30 ] AVM WLAN Connection Service C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
22:56:54.0665 3008 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - warning
22:56:54.0665 3008 AVM WLAN Connection Service - detected UnsignedFile.Multi.Generic (1)
22:56:59.0829 3008 [ ABDD5AD016AFFD34AD40E944CE94BF59 ] EpsonBidirectionalService C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
22:56:59.0875 3008 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - warning
22:56:59.0875 3008 EpsonBidirectionalService - detected UnsignedFile.Multi.Generic (1)
22:57:05.0881 3008 [ 2238B91AC1A12CC6CC4C4FED41258B2A ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
22:57:05.0897 3008 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
22:57:05.0897 3008 LightScribeService - detected UnsignedFile.Multi.Generic (1)
22:57:08.0955 3008 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
22:57:09.0001 3008 NdisCap - ok
22:57:09.0033 3008 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
22:57:09.0064 3008 NdisTapi - ok
22:57:09.0111 3008 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
22:57:09.0157 3008 Ndisuio - ok
22:57:09.0189 3008 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
22:57:09.0235 3008 NdisWan - ok
22:57:09.0267 3008 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
22:57:09.0329 3008 NDProxy - ok
22:57:09.0360 3008 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:57:09.0423 3008 NetBIOS - ok
22:57:09.0454 3008 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
22:57:09.0485 3008 NetBT - ok
22:57:09.0532 3008 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
22:57:09.0547 3008 Netlogon - ok
22:57:09.0594 3008 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
22:57:09.0657 3008 Netman - ok
22:57:09.0688 3008 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
22:57:09.0750 3008 netprofm - ok
22:57:09.0875 3008 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
22:57:09.0984 3008 netw5v64 - ok
22:57:10.0031 3008 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
22:57:10.0031 3008 nfrd960 - ok
22:57:10.0125 3008 [ 8E643FD5F38FA9A2EDA27268A1E9499F ] NIS C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
22:57:10.0140 3008 NIS - ok
22:57:10.0203 3008 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
22:57:10.0234 3008 NlaSvc - ok
22:57:10.0265 3008 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:57:10.0296 3008 Npfs - ok
22:57:10.0312 3008 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
22:57:10.0374 3008 nsi - ok
22:57:10.0390 3008 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:57:10.0452 3008 nsiproxy - ok
22:57:10.0515 3008 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:57:10.0546 3008 Ntfs - ok
22:57:10.0561 3008 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
22:57:10.0593 3008 Null - ok
22:57:10.0639 3008 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
22:57:10.0655 3008 nvraid - ok
22:57:10.0671 3008 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
22:57:10.0686 3008 nvstor - ok
22:57:10.0733 3008 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
22:57:10.0749 3008 nv_agp - ok
22:57:10.0827 3008 [ DC08484919622981145136D68FA5CC3E ] ocster_backup c:\Program Files\Ocster Backup\bin\backupService-ox.exe
22:57:10.0842 3008 ocster_backup - ok
22:57:10.0858 3008 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
22:57:10.0889 3008 ohci1394 - ok
22:57:10.0920 3008 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
22:57:10.0951 3008 p2pimsvc - ok
22:57:10.0983 3008 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
22:57:10.0998 3008 p2psvc - ok
22:57:11.0029 3008 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
22:57:11.0045 3008 Parport - ok
22:57:11.0076 3008 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:57:11.0092 3008 partmgr - ok
22:57:11.0107 3008 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
22:57:11.0139 3008 PcaSvc - ok
22:57:11.0154 3008 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
22:57:11.0185 3008 pci - ok
22:57:11.0185 3008 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
22:57:11.0201 3008 pciide - ok
22:57:11.0217 3008 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
22:57:11.0248 3008 pcmcia - ok
22:57:11.0263 3008 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
22:57:11.0279 3008 pcw - ok
22:57:11.0295 3008 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:57:11.0341 3008 PEAUTH - ok
22:57:11.0435 3008 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
22:57:11.0466 3008 PerfHost - ok
22:57:11.0513 3008 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
22:57:11.0591 3008 pla - ok
22:57:11.0669 3008 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:57:11.0685 3008 PlugPlay - ok
22:57:11.0716 3008 PnkBstrA - ok
22:57:11.0747 3008 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
22:57:11.0778 3008 PNRPAutoReg - ok
22:57:11.0809 3008 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
22:57:11.0825 3008 PNRPsvc - ok
22:57:11.0872 3008 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:57:11.0903 3008 PolicyAgent - ok
22:57:11.0934 3008 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
22:57:11.0997 3008 Power - ok
22:57:12.0028 3008 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:57:12.0059 3008 PptpMiniport - ok
22:57:12.0075 3008 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
22:57:12.0106 3008 Processor - ok
22:57:12.0137 3008 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
22:57:12.0168 3008 ProfSvc - ok
22:57:12.0184 3008 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:57:12.0199 3008 ProtectedStorage - ok
22:57:12.0246 3008 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
22:57:12.0293 3008 Psched - ok
22:57:12.0340 3008 [ FB46E9A827A8799EBD7BFA9128C91F37 ] PSI C:\Windows\system32\DRIVERS\psi_mf.sys
22:57:12.0355 3008 PSI - ok
22:57:12.0418 3008 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
22:57:12.0465 3008 ql2300 - ok
22:57:12.0480 3008 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
22:57:12.0496 3008 ql40xx - ok
22:57:12.0527 3008 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
22:57:12.0543 3008 QWAVE - ok
22:57:12.0574 3008 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:57:12.0605 3008 QWAVEdrv - ok
22:57:12.0667 3008 [ A55E7D0D873B2C97585B3B5926AC6ADE ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll
22:57:12.0683 3008 RapiMgr - ok
22:57:12.0699 3008 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:57:12.0745 3008 RasAcd - ok
22:57:12.0777 3008 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
22:57:12.0808 3008 RasAgileVpn - ok
22:57:12.0823 3008 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
22:57:12.0870 3008 RasAuto - ok
22:57:12.0901 3008 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:57:12.0948 3008 Rasl2tp - ok
22:57:13.0011 3008 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
22:57:13.0057 3008 RasMan - ok
22:57:13.0104 3008 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:57:13.0167 3008 RasPppoe - ok
22:57:13.0182 3008 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:57:13.0229 3008 RasSstp - ok
22:57:13.0494 3008 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:57:13.0541 3008 rdbss - ok
22:57:13.0557 3008 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
22:57:13.0588 3008 rdpbus - ok
22:57:13.0619 3008 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:57:13.0650 3008 RDPCDD - ok
22:57:13.0666 3008 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:57:13.0728 3008 RDPENCDD - ok
22:57:13.0744 3008 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
22:57:13.0791 3008 RDPREFMP - ok
22:57:13.0822 3008 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:57:13.0853 3008 RDPWD - ok
22:57:13.0900 3008 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
22:57:13.0915 3008 rdyboost - ok
22:57:13.0947 3008 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
22:57:13.0993 3008 RemoteAccess - ok
22:57:14.0056 3008 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:57:14.0103 3008 RemoteRegistry - ok
22:57:14.0165 3008 [ 498EB62A160674E793FA40FD65390625 ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
22:57:14.0181 3008 RichVideo - ok
22:57:14.0196 3008 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
22:57:14.0227 3008 RpcEptMapper - ok
22:57:14.0243 3008 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
22:57:14.0274 3008 RpcLocator - ok
22:57:14.0321 3008 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
22:57:14.0368 3008 RpcSs - ok
22:57:14.0415 3008 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:57:14.0477 3008 rspndr - ok
22:57:14.0539 3008 [ A5DF2F732A6C95554E548FCB6932BD31 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
22:57:14.0555 3008 RSUSBSTOR - ok
22:57:14.0586 3008 [ B49DC435AE3695BAC5623DD94B05732D ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
22:57:14.0617 3008 RTL8167 - ok
22:57:14.0633 3008 RtsUIR - ok
22:57:14.0664 3008 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
22:57:14.0680 3008 SamSs - ok
22:57:14.0711 3008 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
22:57:14.0727 3008 sbp2port - ok
22:57:14.0742 3008 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:57:14.0805 3008 SCardSvr - ok
22:57:14.0836 3008 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
22:57:14.0883 3008 scfilter - ok
22:57:14.0929 3008 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
22:57:14.0992 3008 Schedule - ok
22:57:15.0023 3008 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
22:57:15.0070 3008 SCPolicySvc - ok
22:57:15.0117 3008 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
22:57:15.0163 3008 sdbus - ok
22:57:15.0195 3008 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:57:15.0226 3008 SDRSVC - ok
22:57:15.0273 3008 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:57:15.0319 3008 secdrv - ok
22:57:15.0351 3008 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
22:57:15.0397 3008 seclogon - ok
22:57:15.0460 3008 [ 2D0599DD0124764FC939C59985C860DE ] Secunia PSI Agent C:\Program Files (x86)\Secunia\PSI\PSIA.exe
22:57:15.0497 3008 Secunia PSI Agent - ok
22:57:15.0516 3008 [ 20B9E1ADBC58958B480933E4DA005DFB ] Secunia Update Agent C:\Program Files (x86)\Secunia\PSI\sua.exe
22:57:15.0532 3008 Secunia Update Agent - ok
22:57:15.0555 3008 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
22:57:15.0609 3008 SENS - ok
22:57:15.0657 3008 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
22:57:15.0673 3008 SensrSvc - ok
22:57:15.0684 3008 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
22:57:15.0698 3008 Serenum - ok
22:57:15.0743 3008 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
22:57:15.0775 3008 Serial - ok
22:57:15.0833 3008 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
22:57:15.0859 3008 sermouse - ok
22:57:15.0895 3008 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
22:57:15.0953 3008 SessionEnv - ok
22:57:15.0988 3008 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
22:57:16.0049 3008 sffdisk - ok
22:57:16.0067 3008 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
22:57:16.0098 3008 sffp_mmc - ok
22:57:16.0119 3008 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
22:57:16.0151 3008 sffp_sd - ok
22:57:16.0181 3008 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
22:57:16.0194 3008 sfloppy - ok
22:57:16.0251 3008 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:57:16.0313 3008 SharedAccess - ok
22:57:16.0348 3008 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:57:16.0405 3008 ShellHWDetection - ok
22:57:16.0441 3008 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:57:16.0454 3008 SiSRaid2 - ok
22:57:16.0468 3008 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
22:57:16.0483 3008 SiSRaid4 - ok
22:57:16.0533 3008 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:57:16.0590 3008 Smb - ok
22:57:16.0637 3008 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:57:16.0668 3008 SNMPTRAP - ok
22:57:16.0684 3008 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
22:57:16.0699 3008 spldr - ok
22:57:16.0746 3008 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
22:57:16.0762 3008 Spooler - ok
22:57:16.0855 3008 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
22:57:16.0965 3008 sppsvc - ok
22:57:16.0996 3008 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
22:57:17.0043 3008 sppuinotify - ok
22:57:17.0089 3008 [ 96BABC4906ECDB1C69D1176F8647AD8E ] SRTSP C:\Windows\System32\Drivers\NISx64\1108000.005\SRTSP64.SYS
22:57:17.0121 3008 SRTSP - ok
22:57:17.0136 3008 [ C7F491A290E0E4222F5CDCD50EEB8167 ] SRTSPX C:\Windows\system32\drivers\NISx64\1108000.005\SRTSPX64.SYS
22:57:17.0136 3008 SRTSPX - ok
22:57:17.0167 3008 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
22:57:17.0230 3008 srv - ok
22:57:17.0277 3008 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:57:17.0292 3008 srv2 - ok
22:57:17.0339 3008 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
22:57:17.0355 3008 SrvHsfHDA - ok
22:57:17.0386 3008 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
22:57:17.0448 3008 SrvHsfV92 - ok
22:57:17.0479 3008 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
22:57:17.0495 3008 SrvHsfWinac - ok
22:57:17.0526 3008 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:57:17.0557 3008 srvnet - ok
22:57:17.0604 3008 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:57:17.0667 3008 SSDPSRV - ok
22:57:17.0682 3008 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:57:17.0729 3008 SstpSvc - ok
22:57:17.0791 3008 [ 810199DCC3BDC38304D7D649992EA7BC ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
22:57:17.0838 3008 STacSV - ok
22:57:17.0869 3008 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
22:57:17.0869 3008 stexstor - ok
22:57:17.0947 3008 [ ED1722F43CE61409EF68340402D6267D ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
22:57:17.0963 3008 STHDA - ok
22:57:17.0994 3008 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
22:57:18.0025 3008 stisvc - ok
22:57:18.0072 3008 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
22:57:18.0072 3008 swenum - ok
22:57:18.0103 3008 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
22:57:18.0166 3008 swprv - ok
22:57:18.0197 3008 [ 659B227A72B76115975A6A9491B2FE1F ] SymDS C:\Windows\system32\drivers\NISx64\1108000.005\SYMDS64.SYS
22:57:18.0228 3008 SymDS - ok
22:57:18.0275 3008 [ 42C952D131EFF724A9959BB6D78C1B63 ] SymEFA C:\Windows\system32\drivers\NISx64\1108000.005\SYMEFA64.SYS
22:57:18.0291 3008 SymEFA - ok
22:57:18.0322 3008 [ 3F9D5FE52585E2653E59FDBFDF09A94C ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
22:57:18.0337 3008 SymEvent - ok
22:57:18.0353 3008 [ F57588546E738DB1583981D8F44E9BC2 ] SymIRON C:\Windows\system32\drivers\NISx64\1108000.005\Ironx64.SYS
22:57:18.0369 3008 SymIRON - ok
22:57:18.0384 3008 [ 8ABB6E5B7D75CD3F0A988695D0D9186A ] SYMTDIv C:\Windows\System32\Drivers\NISx64\1108000.005\SYMTDIV.SYS
22:57:18.0400 3008 SYMTDIv - ok
22:57:18.0462 3008 [ 929C9FA0B18AD2EBC8340591C4BF00FF ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
22:57:18.0478 3008 SynTP - ok
22:57:18.0540 3008 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
22:57:18.0603 3008 SysMain - ok
22:57:18.0634 3008 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:57:18.0665 3008 TabletInputService - ok
22:57:18.0681 3008 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
22:57:18.0727 3008 TapiSrv - ok
22:57:18.0759 3008 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
22:57:18.0821 3008 TBS - ok
22:57:18.0883 3008 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:57:18.0930 3008 Tcpip - ok
22:57:18.0977 3008 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
22:57:19.0008 3008 TCPIP6 - ok
22:57:19.0039 3008 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:57:19.0071 3008 tcpipreg - ok
22:57:19.0102 3008 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
22:57:19.0133 3008 TDPIPE - ok
22:57:19.0164 3008 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
22:57:19.0195 3008 TDTCP - ok
22:57:19.0242 3008 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:57:19.0289 3008 tdx - ok
22:57:19.0336 3008 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
22:57:19.0336 3008 TermDD - ok
22:57:19.0383 3008 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
22:57:19.0461 3008 TermService - ok
22:57:19.0554 3008 [ 8F14DE79EBE73D6D717B8455E64DDA86 ] TGCM_ImportWiFiSvc C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe
22:57:19.0554 3008 TGCM_ImportWiFiSvc - ok
22:57:19.0585 3008 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
22:57:19.0632 3008 Themes - ok
22:57:19.0663 3008 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
22:57:19.0710 3008 THREADORDER - ok
22:57:19.0741 3008 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
22:57:19.0804 3008 TrkWks - ok
22:57:19.0866 3008 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:57:19.0929 3008 TrustedInstaller - ok
22:57:19.0960 3008 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
22:57:20.0022 3008 tssecsrv - ok
22:57:20.0053 3008 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
22:57:20.0069 3008 TsUsbFlt - ok
22:57:20.0131 3008 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
22:57:20.0163 3008 tunnel - ok
22:57:20.0178 3008 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
22:57:20.0194 3008 uagp35 - ok
22:57:20.0209 3008 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
22:57:20.0272 3008 udfs - ok
22:57:20.0303 3008 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
22:57:20.0334 3008 UI0Detect - ok
22:57:20.0365 3008 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
22:57:20.0381 3008 uliagpkx - ok
22:57:20.0443 3008 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
22:57:20.0459 3008 umbus - ok
22:57:20.0506 3008 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
22:57:20.0584 3008 UmPass - ok
22:57:20.0599 3008 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
22:57:20.0662 3008 upnphost - ok
22:57:20.0693 3008 upperdev - ok
22:57:20.0740 3008 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
22:57:20.0771 3008 usbccgp - ok
22:57:20.0787 3008 USBCCID - ok
22:57:20.0896 3008 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
22:57:20.0958 3008 usbcir - ok
22:57:21.0005 3008 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
22:57:21.0036 3008 usbehci - ok
22:57:21.0067 3008 [ 44D9C773FEBFF10593B50DDFC2D6BC27 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
22:57:21.0067 3008 usbfilter - ok
22:57:21.0083 3008 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
22:57:21.0114 3008 usbhub - ok
22:57:21.0161 3008 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
22:57:21.0192 3008 usbohci - ok
22:57:21.0223 3008 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
22:57:21.0272 3008 usbprint - ok
22:57:21.0322 3008 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
22:57:21.0339 3008 usbscan - ok
22:57:21.0356 3008 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:57:21.0390 3008 USBSTOR - ok
22:57:21.0429 3008 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
22:57:21.0442 3008 usbuhci - ok
22:57:21.0497 3008 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
22:57:21.0515 3008 usbvideo - ok
22:57:21.0528 3008 [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx C:\Windows\system32\drivers\usb8023x.sys
22:57:21.0569 3008 usb_rndisx - ok
22:57:21.0599 3008 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
22:57:21.0656 3008 UxSms - ok
22:57:21.0695 3008 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
22:57:21.0709 3008 VaultSvc - ok
22:57:21.0764 3008 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
22:57:21.0777 3008 vdrvroot - ok
22:57:21.0811 3008 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
22:57:21.0857 3008 vds - ok
22:57:21.0882 3008 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
22:57:21.0899 3008 vga - ok
22:57:21.0910 3008 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
22:57:21.0964 3008 VgaSave - ok
22:57:21.0984 3008 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
22:57:22.0001 3008 vhdmp - ok
22:57:22.0011 3008 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
22:57:22.0023 3008 viaide - ok
22:57:22.0035 3008 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
22:57:22.0049 3008 volmgr - ok
22:57:22.0088 3008 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
22:57:22.0108 3008 volmgrx - ok
22:57:22.0141 3008 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
22:57:22.0159 3008 volsnap - ok
22:57:22.0229 3008 [ 239D8D72730226CD460BDC8CA0A23D43 ] Vsdatant C:\Windows\system32\DRIVERS\vsdatant.sys
22:57:22.0240 3008 Vsdatant - ok
22:57:22.0271 3008 vsmon - ok
22:57:22.0302 3008 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
22:57:22.0318 3008 vsmraid - ok
22:57:22.0382 3008 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
22:57:22.0457 3008 VSS - ok
22:57:22.0488 3008 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
22:57:22.0522 3008 vwifibus - ok
22:57:22.0553 3008 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
22:57:22.0572 3008 vwififlt - ok
22:57:22.0619 3008 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
22:57:22.0638 3008 vwifimp - ok
22:57:22.0686 3008 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
22:57:22.0731 3008 W32Time - ok
22:57:22.0746 3008 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
22:57:22.0778 3008 WacomPen - ok
22:57:22.0838 3008 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
22:57:22.0888 3008 WANARP - ok
22:57:22.0892 3008 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
22:57:22.0929 3008 Wanarpv6 - ok
22:57:22.0977 3008 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
22:57:23.0016 3008 wbengine - ok
22:57:23.0030 3008 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
22:57:23.0053 3008 WbioSrvc - ok
22:57:23.0094 3008 [ 8BDA6DB43AA54E8BB5E0794541DDC209 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll
22:57:23.0115 3008 WcesComm - ok
22:57:23.0149 3008 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
22:57:23.0191 3008 wcncsvc - ok
22:57:23.0220 3008 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:57:23.0235 3008 WcsPlugInService - ok
22:57:23.0257 3008 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
22:57:23.0269 3008 Wd - ok
22:57:23.0309 3008 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
22:57:23.0340 3008 Wdf01000 - ok
22:57:23.0355 3008 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
22:57:23.0430 3008 WdiServiceHost - ok
22:57:23.0430 3008 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
22:57:23.0462 3008 WdiSystemHost - ok
22:57:23.0508 3008 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
22:57:23.0618 3008 WebClient - ok
22:57:23.0649 3008 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
22:57:23.0696 3008 Wecsvc - ok
22:57:23.0696 3008 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
22:57:23.0742 3008 wercplsupport - ok
22:57:23.0789 3008 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
22:57:23.0836 3008 WerSvc - ok
22:57:23.0883 3008 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
22:57:23.0930 3008 WfpLwf - ok
22:57:23.0976 3008 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
22:57:23.0976 3008 WIMMount - ok
22:57:24.0008 3008 WinDefend - ok
22:57:24.0008 3008 WinHttpAutoProxySvc - ok
22:57:24.0054 3008 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
22:57:24.0086 3008 Winmgmt - ok
22:57:24.0148 3008 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
22:57:25.0724 3008 ============================================================
22:57:25.0724 3008 Scan finished
22:57:25.0724 3008 ============================================================
22:57:25.0739 3000 Detected object count: 4
22:57:25.0739 3000 Actual detected object count: 4
23:18:20.0792 3000 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
23:18:20.0792 3000 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
23:18:20.0792 3000 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:18:20.0792 3000 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:18:20.0792 3000 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - skipped by user
23:18:20.0792 3000 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:18:20.0792 3000 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
23:18:20.0792 3000 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:19:37.0383 2948 Deinitialize success

22:12:36.0597 6344 TDSS rootkit removing tool 2.8.14.0 Oct 30 2012 13:37:33
22:12:44.0820 6344 Perform update action was selected
22:12:44.0825 2984 Deinitialize success

So, I hope I've done everything right now... sorry that I'm being a bit clumsy about this...

Was that it, then? Can I simply move the files into quarantine?

Here is an addendum from Malwarebytes:

Malwarebytes Anti-Malware (Test) 1.70.0.1100
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2013.01.15.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Sascha Woitzik :: MAUSI [Administrator]

Schutz: Aktiviert

16.01.2013 00:30:17
mbam-log-2013-01-16 (00-30-17).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 233505
Laufzeit: 4 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 1
C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

All done.

What now? I'm totally desperate.

Alt 16.01.2013, 18:03   #13
markusg
/// Malware-holic
 
Hi,
ComboFix:
ComboFix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download ComboFix from one of these download mirrors:

Link 1
Link 2


IMPORTANT - Save ComboFix to your desktop.
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with ComboFix while it works.
Start Combofix.exe and follow the on-screen instructions.

When ComboFix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.

Alt 18.01.2013, 21:59   #14
Sascha2603
 
Combofix Logfile:
Code:
ATTFilter
ComboFix 13-01-17.04 - Sascha Woitzik 18.01.2013  22:36:03.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4092.2665 [GMT 1:00]
ausgeführt von:: c:\users\Sascha Woitzik\Downloads\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Claro LTD\claro\1.8.8.5\bh\clARo.dll
c:\program files (x86)\Claro LTD\claro\1.8.8.5\clARotlbr.dll
c:\users\Public\AlexaNSISPlugin.4604.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-18 bis 2013-01-18  ))))))))))))))))))))))))))))))
.
.
2013-01-18 21:45 . 2013-01-18 21:45	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-18 21:45 . 2013-01-18 21:45	--------	d-----w-	c:\users\_ocster_backup_\AppData\Local\temp
2013-01-18 21:05 . 2013-01-15 01:45	9161176	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{09E95BC1-E4B0-498A-B0B9-E61B1E87BD8D}\mpengine.dll
2013-01-18 21:05 . 2012-05-31 10:25	279656	------w-	c:\windows\system32\MpSigStub.exe
2013-01-16 16:23 . 2013-01-16 16:23	--------	d-----w-	c:\users\Sascha Woitzik\AppData\Roaming\Claro
2013-01-16 16:23 . 2013-01-16 16:23	--------	d-----w-	c:\program files (x86)\Claro LTD
2013-01-16 16:22 . 2013-01-16 16:22	--------	d-----w-	c:\users\Sascha Woitzik\AppData\Roaming\Claro LTD
2013-01-16 16:22 . 2013-01-16 16:22	--------	d-----w-	c:\programdata\IBUpdaterService
2013-01-16 15:33 . 2013-01-16 15:39	--------	d-----w-	c:\program files (x86)\Eusing Free Registry Cleaner
2013-01-16 15:15 . 2013-01-16 15:16	--------	d-----w-	C:\rei
2013-01-16 15:15 . 2013-01-16 15:15	--------	d-----w-	c:\program files\Reimage
2013-01-16 14:07 . 2012-10-30 22:50	285328	----a-w-	c:\windows\system32\aswBoot.exe
2013-01-16 14:06 . 2013-01-18 21:30	--------	d-----w-	c:\programdata\AVAST Software
2013-01-16 14:06 . 2013-01-16 14:06	--------	d-----w-	c:\program files\AVAST Software
2013-01-15 23:47 . 2013-01-15 23:47	--------	d-----w-	C:\TDSSKiller_Quarantine
2013-01-15 21:13 . 2013-01-15 21:13	--------	d-----w-	c:\programdata\BrowserProtect
2013-01-15 21:12 . 2013-01-15 21:12	--------	d-----w-	c:\programdata\Babylon
2013-01-15 21:12 . 2013-01-15 21:12	--------	d-----w-	c:\users\Sascha Woitzik\AppData\Roaming\Babylon
2013-01-15 21:12 . 2013-01-16 16:24	--------	d-----w-	c:\users\Sascha Woitzik\AppData\Roaming\PerformerSoft
2013-01-15 20:59 . 2013-01-15 20:59	--------	d-----w-	C:\_OTL
2013-01-15 18:31 . 2012-12-14 15:49	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-01-15 17:03 . 2012-11-09 05:45	750592	----a-w-	c:\windows\system32\win32spl.dll
2013-01-15 17:03 . 2012-11-09 04:43	492032	----a-w-	c:\windows\SysWow64\win32spl.dll
2013-01-15 17:03 . 2012-11-01 05:43	2002432	----a-w-	c:\windows\system32\msxml6.dll
2013-01-15 17:03 . 2012-11-01 05:43	1882624	----a-w-	c:\windows\system32\msxml3.dll
2013-01-15 17:03 . 2012-11-01 04:47	1389568	----a-w-	c:\windows\SysWow64\msxml6.dll
2013-01-15 17:03 . 2012-11-01 04:47	1236992	----a-w-	c:\windows\SysWow64\msxml3.dll
2013-01-15 17:03 . 2012-11-20 05:48	307200	----a-w-	c:\windows\system32\ncrypt.dll
2013-01-15 17:03 . 2012-11-20 04:51	220160	----a-w-	c:\windows\SysWow64\ncrypt.dll
2013-01-15 17:00 . 2012-11-30 05:45	215040	----a-w-	c:\windows\system32\winsrv.dll
2013-01-15 16:59 . 2012-11-23 03:13	68608	----a-w-	c:\windows\system32\taskhost.exe
2013-01-15 16:59 . 2012-11-23 03:26	3149824	----a-w-	c:\windows\system32\win32k.sys
2013-01-15 15:55 . 2013-01-15 16:47	--------	d-----w-	c:\programdata\Spyware Terminator
2013-01-15 15:55 . 2013-01-15 15:55	--------	d-----w-	c:\users\Sascha Woitzik\AppData\Roaming\Spyware Terminator
2013-01-15 15:54 . 2013-01-15 16:47	--------	d-----w-	c:\program files (x86)\Spyware Terminator
2013-01-15 15:32 . 2013-01-15 15:32	--------	d-----w-	c:\users\Sascha Woitzik\AppData\Roaming\Malwarebytes
2013-01-15 15:32 . 2013-01-15 15:32	--------	d-----w-	c:\programdata\Malwarebytes
2013-01-15 15:32 . 2013-01-16 13:20	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-15 15:32 . 2013-01-15 15:32	--------	d-----w-	c:\users\Sascha Woitzik\AppData\Local\Programs
2013-01-03 15:24 . 2013-01-16 13:19	--------	d-----w-	c:\users\Sascha Woitzik\AppData\Roaming\Systweak
2013-01-03 15:24 . 2012-03-14 14:47	19000	----a-w-	c:\windows\system32\roboot64.exe
2013-01-03 15:24 . 2013-01-16 13:20	--------	d-----w-	c:\program files (x86)\RegClean Pro
2012-12-23 19:38 . 2012-12-23 19:38	--------	d-----w-	c:\users\Sascha Woitzik\AppData\Local\Apps
2012-12-23 19:02 . 2012-12-23 19:02	--------	d-----w-	c:\program files (x86)\Amazon Browser Bar
2012-12-23 18:41 . 2012-12-23 18:41	--------	d-----w-	c:\users\Sascha Woitzik\AppData\Roaming\DVDVideoSoftIEHelpers
2012-12-23 18:40 . 2012-12-23 18:40	--------	d-----w-	c:\program files (x86)\Common Files\DVDVideoSoft
2012-12-23 18:40 . 2012-12-23 18:40	--------	d-----w-	c:\program files (x86)\DVDVideoSoft
2012-12-22 21:37 . 2012-12-22 21:37	--------	d-----w-	c:\program files (x86)\Microsoft.NET
2012-12-20 19:59 . 2012-12-16 17:11	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-20 19:59 . 2012-12-16 14:45	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-20 19:59 . 2012-12-16 14:13	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-20 19:59 . 2012-12-16 14:13	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-19 23:59 . 2012-07-26 07:46	2560	----a-w-	c:\windows\system32\drivers\de-DE\wdf01000.sys.mui
2012-12-19 23:59 . 2012-07-26 04:55	785512	----a-w-	c:\windows\system32\drivers\Wdf01000.sys
2012-12-19 23:59 . 2012-07-26 04:55	54376	----a-w-	c:\windows\system32\drivers\WdfLdr.sys
2012-12-19 23:59 . 2012-07-26 02:36	9728	----a-w-	c:\windows\system32\Wdfres.dll
2012-12-19 23:57 . 2012-07-26 02:26	87040	----a-w-	c:\windows\system32\drivers\WUDFPf.sys
2012-12-19 23:57 . 2012-07-26 02:26	198656	----a-w-	c:\windows\system32\drivers\WUDFRd.sys
2012-12-19 23:57 . 2012-07-26 03:08	84992	----a-w-	c:\windows\system32\WUDFSvc.dll
2012-12-19 23:57 . 2012-07-26 03:08	45056	----a-w-	c:\windows\system32\WUDFCoinstaller.dll
2012-12-19 23:57 . 2012-07-26 03:08	194048	----a-w-	c:\windows\system32\WUDFPlatform.dll
2012-12-19 23:57 . 2012-07-26 03:08	229888	----a-w-	c:\windows\system32\WUDFHost.exe
2012-12-19 23:57 . 2012-07-26 03:08	744448	----a-w-	c:\windows\system32\WUDFx.dll
2012-12-19 21:58 . 2012-10-03 17:56	1914248	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-12-19 21:57 . 2011-02-18 10:51	31232	----a-w-	c:\windows\system32\prevhost.exe
2012-12-19 21:57 . 2011-02-18 05:39	31232	----a-w-	c:\windows\SysWow64\prevhost.exe
2012-12-19 21:57 . 2012-05-05 08:36	503808	----a-w-	c:\windows\system32\srcore.dll
2012-12-19 21:57 . 2012-05-05 07:46	43008	----a-w-	c:\windows\SysWow64\srclient.dll
2012-12-19 21:57 . 2012-02-11 06:36	559104	----a-w-	c:\windows\system32\spoolsv.exe
2012-12-19 21:57 . 2012-02-11 06:36	67072	----a-w-	c:\windows\splwow64.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-16 15:42 . 2010-09-25 19:44	67599240	----a-w-	c:\windows\system32\MRT.exe
2012-12-17 20:47 . 2011-02-04 07:46	893552	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-12-17 20:47 . 2011-01-18 10:44	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-12-17 20:47 . 2011-01-18 09:23	1236816	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-12-04 21:14 . 2012-08-31 22:21	270240	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2012-12-04 21:14 . 2012-08-31 22:14	270240	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2012-12-04 21:06 . 2012-08-31 22:14	189248	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2012-12-04 21:06 . 2012-08-31 22:14	75136	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2012-11-30 04:45 . 2013-01-15 17:00	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-11-16 08:50 . 2012-11-16 08:51	95208	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-16 08:50 . 2012-11-16 08:52	821736	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-11-16 08:50 . 2010-09-24 07:35	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-11-14 07:06 . 2012-12-13 22:49	17811968	----a-w-	c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-13 22:49	10925568	----a-w-	c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-13 22:49	2312704	----a-w-	c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-13 22:49	1346048	----a-w-	c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-13 22:49	1392128	----a-w-	c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-13 22:49	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-13 22:49	237056	----a-w-	c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-13 22:49	85504	----a-w-	c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-13 22:49	816640	----a-w-	c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-13 22:49	599040	----a-w-	c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-13 22:49	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-13 22:49	2144768	----a-w-	c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-13 22:49	729088	----a-w-	c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-13 22:49	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-13 22:50	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-13 22:49	248320	----a-w-	c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-13 22:49	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-13 22:49	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 22:49	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-13 22:49	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 22:49	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-13 22:49	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-13 22:08	2048	----a-w-	c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-13 22:08	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-11-02 05:59 . 2012-12-13 22:15	478208	----a-w-	c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-13 22:15	376832	----a-w-	c:\windows\SysWow64\dpnet.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
2010-11-05 01:58	297808	----a-w-	c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-05-09 09:49	176936	----a-w-	c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{F443A627-5009-4323-9C1D-7FD598D0D712}]
2012-05-10 00:05	1607472	----a-w-	c:\program files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll" [2011-05-09 176936]
"{EA582743-9076-4178-9AA6-7393FDF4D5CE}"= "c:\program files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll" [2012-05-10 1607472]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{ea582743-9076-4178-9aa6-7393fdf4d5ce}]
[HKEY_CLASSES_ROOT\TypeLib\{33D0AD98-3347-4A54-8929-5163EBEB9F72}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Sascha Woitzik\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
"F0A4CE5DD0A4B0A475ADC73ADA9D33760844BBD7._service_run"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-01-08 1248360]
"GoogleChromeAutoLaunch_CB81268D67772942F9B29CA5E587BCE6"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-01-08 1248360]
"Browser Infrastructure Helper"="c:\users\Sascha Woitzik\AppData\Local\Smartbar\Application\Linkury.exe" [2013-01-08 13824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-04 98304]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~3\browse~1\261070~1.41\{c16c1~1\browse~1.dll c:\progra~3\browse~1\261070~1.41\{c16c1~1\browserprotect.dll
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"wave2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101104.001\BHDrvx64.sys [2010-11-04 953904]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1108000.005\Ironx64.SYS [2010-04-29 150064]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2010-10-22 14120]
R3 cpuz134;cpuz134;c:\users\SASCHA~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 CXPLRCAP;Capture Device;c:\windows\system32\drivers\CxPlrCap.sys [2011-10-25 236160]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-12-07 246224]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2010-10-22 460800]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-10-12 114304]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-24 216576]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1108000.005\SYMDS64.SYS [2009-08-30 433200]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1108000.005\SYMEFA64.SYS [2010-04-22 221232]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NISx64\1108000.005\ccHPx64.sys [2010-02-26 615040]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20101111.001\IDSvia64.sys [2010-10-19 476720]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NISx64\1108000.005\SYMTDIV.SYS [2010-05-06 451120]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-05 203264]
S2 BrowserProtect;BrowserProtect;c:\programdata\BrowserProtect\2.6.1070.41\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2013-01-04 2554472]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe [2011-12-11 135824]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe [2010-02-26 126392]
S2 ocster_backup;Ocster Backup;c:\program files\Ocster Backup\bin\backupService-ox.exe [2011-08-08 21272]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-04-19 993848]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-04-19 399416]
S2 TGCM_ImportWiFiSvc;TGCM_ImportWiFiSvc;c:\program files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [2010-08-02 199600]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-03-09 36408]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 11:24	451872	----a-w-	c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-16 16:06	1606760	----a-w-	c:\program files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2659224977-2835993714-2068490527-1000Core.job
- c:\users\Sascha Woitzik\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-15 22:18]
.
2013-01-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2659224977-2835993714-2068490527-1000UA.job
- c:\users\Sascha Woitzik\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-15 22:18]
.
2013-01-18 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2011-11-08 08:50]
.
2013-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-18 09:36]
.
2013-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-18 09:36]
.
2012-12-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2659224977-2835993714-2068490527-1000Core.job
- c:\users\Sascha Woitzik\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-04 19:21]
.
2013-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2659224977-2835993714-2068490527-1000UA.job
- c:\users\Sascha Woitzik\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-04 19:21]
.
2013-01-18 c:\windows\Tasks\HPCeeScheduleForSascha Woitzik.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 03:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-22 450048]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=f8adfac5-e49c-4761-aee7-af0bc68e7876&affid=111583&searchtype=hp&babsrc=lnkry_nt
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
uSearchAssistant = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=f8adfac5-e49c-4761-aee7-af0bc68e7876&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
mSearchAssistant = hxxp://start.facemoods.com/?a=wbst&s={searchTerms}&f=4
IE: Free YouTube Download - c:\users\Sascha Woitzik\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: Interfaces\{1CEFB440-E21B-4211-B7BB-2665BB65E227}: NameServer = 193.189.244.225 193.189.244.206
TCP: Interfaces\{4C41EF39-D064-46DB-BB9C-9E9E909E30AE}: NameServer = 193.189.244.225 193.189.244.206
FF - ProfilePath - c:\users\Sascha Woitzik\AppData\Roaming\Mozilla\Firefox\Profiles\8uzgcqgq.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=f8adfac5-e49c-4761-aee7-af0bc68e7876&affid=111583&searchtype=hp&babsrc=lnkry
FF - prefs.js: keyword.URL - hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=f8adfac5-e49c-4761-aee7-af0bc68e7876&affid=111583&searchtype=ds&babsrc=lnkry&q=
FF - ExtSQL: 2012-12-23 19:40; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF - ExtSQL: 2012-12-23 20:02; abb@amazon.com; c:\users\Sascha Woitzik\AppData\Roaming\Mozilla\Firefox\Profiles\8uzgcqgq.default\extensions\abb@amazon.com.xpi
FF - ExtSQL: 2012-12-25 21:56; helperbar@helperbar.com; c:\users\Sascha Woitzik\AppData\Roaming\Mozilla\Firefox\Profiles\8uzgcqgq.default\extensions\helperbar@helperbar.com
FF - ExtSQL: 2013-01-15 22:19; {58bd07eb-0ee0-4df0-8121-dc9b693373df}; c:\programdata\BrowserProtect\2.6.1070.41\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension
FF - ExtSQL: 2013-01-16 15:14; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm_i.hmpg - true
FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN19601824380693-1001&toolbarId=base&affiliateId=1001&Lan=de&utid=5e7f7f47000000000000f67bcb90436c
FF - user.js: extensions.zonealarm.dfltSrch - true
FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm
FF - user.js: extensions.zonealarm.keyWordUrl - hxxp://search.zonealarm.com/search?Source=Browser&oemCode=ZLN19601824380693-1001&toolbarId=base&affiliateId=1001&Lan=de&utid=5e7f7f47000000000000f67bcb90436c&q={searchTerms}
FF - user.js: extensions.zonealarm_i.dnsErr - true
FF - user.js: extensions.zonealarm_i.newTab - true
FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?Source=Newtab&oemCode=ZLN19601824380693-1001&toolbarId=base&affiliateId=1001&Lan=de&utid=5e7f7f47000000000000f67bcb90436c
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN19601824380693-1001&toolbarId=base&affiliateId=1001&Lan={dfltLng}&utid=5e7f7f47000000000000f67bcb90436c&q=
FF - user.js: extensions.zonealarm.id - 5e7f7f47000000000000f67bcb90436c
FF - user.js: extensions.zonealarm.instlDay - 15536
FF - user.js: extensions.zonealarm.vrsn - 1.5.24.4
FF - user.js: extensions.zonealarm.vrsni - 1.5.24.4
FF - user.js: extensions.zonealarm_i.vrsnTs - 1.5.24.418:58
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1001
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base
FF - user.js: extensions.zonealarm.instlRef - ZLN19601824380693-1001
FF - user.js: extensions.zonealarm.dfltLng - de
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.admin - false
FF - user.js: extensions.claro.tlbrSrchUrl - 
FF - user.js: extensions.claro.id - 5e7f7f47000000000000f67bcb90436c
FF - user.js: extensions.claro.appId - {C3110516-8EFC-49D6-8B72-69354F332062}
FF - user.js: extensions.claro.instlDay - 15721
FF - user.js: extensions.claro.vrsn - 1.8.8.5
FF - user.js: extensions.claro.vrsni - 1.8.8.5
FF - user.js: extensions.claro_i.vrsnTs - 1.8.8.517:23
FF - user.js: extensions.claro.prtnrId - claro
FF - user.js: extensions.claro.prdct - claro
FF - user.js: extensions.claro.aflt - babsst
FF - user.js: extensions.claro_i.smplGrp - none
FF - user.js: extensions.claro.tlbrId - claro
FF - user.js: extensions.claro.instlRef - sst
FF - user.js: extensions.claro.dfltLng - en
FF - user.js: extensions.claro_i.excTlbr - false
FF - user.js: extensions.claro.excTlbr - false
FF - user.js: extensions.claro.admin - false
FF - user.js: extensions.claro.autoRvrt - false
FF - user.js: extensions.claro.rvrt - false
FF - user.js: extensions.claro_i.newTab - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{000F18F2-09EB-4A59-82B2-5AE4184C39C3} - c:\program files (x86)\Claro LTD\claro\1.8.8.5\bh\claro.dll
Toolbar-{9E131A93-EED7-4BEB-B015-A0ADB30B5646} - c:\program files (x86)\Claro LTD\claro\1.8.8.5\claroTlbr.dll
SafeBoot-02028735.sys
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\17.8.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FotoManager10Deluxe.8.alb"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-18  22:49:33
ComboFix-quarantined-files.txt  2013-01-18 21:49
.
Vor Suchlauf: 16 Verzeichnis(se), 197.212.024.832 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 196.532.805.632 Bytes frei
.
- - End Of File - - E36F53B276878C9B7F86A55845238BE9
         
--- --- ---


Hi, all done....

Alt 19.01.2013, 16:50   #15
markusg
/// Malware-holic
 

Hi,
Malwarebytes:
Please download Malwarebytes.
  • Install the program to the default path.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • Start Malwarebytes, click Update --> Check for updates.
  • When the update has finished, select "Perform full scan" and click Scan.
  • When the scan has finished, click Show results.
  • Make sure that all detections are checked and click Remove selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Log files".
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forwarding instructions:
http://markusg.trojaner-board.de
For the time being, please forward mails as described in the instructions above to
markusg.trojaner-board@web.de
If you would like to support us
